Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Ukraine's Defense Forces charity-themed PluggyApe campaign

Campaign
First reported
Last updated
Happening score
H score 40
2 unique sources, 2 articles

Summary

Hide ▲

Ukraine's Defense Forces were targeted in a charity-themed campaign that delivered the PluggyApe backdoor, creating a focused October to December 2025 operation against a defense-sector cohort. The activity matters because the operators used Signal or WhatsApp, deceptive charity portals, and malware delivery tactics to increase the chance of successful compromise.

Related Happenings

NCSC alert on messaging-app targeting of high-risk individuals

Public Sector Action
First: 02.04.2026 17:15 Last: 02.04.2026 17:15 Sources 1

About this happening: The **UK National Cyber Security Centre (NCSC)** issued a **March 31 alert** warning that **Russia-based actors** were targeting **high-risk individuals** through messaging apps,...

Open Happening

CrystalRAT Telegram-promoted malware-as-a-service

Malware Activity
First: 02.04.2026 02:17 Last: 02.04.2026 02:17 Sources 1

About this happening: The **CrystalRAT** malware-as-a-service is being promoted on **Telegram** and **YouTube** with **remote access**, **data theft**, **keylogging**, and **clipboard hijacking**, incr...

Open Happening

Signal and WhatsApp anti-phishing account-hardening guidance

Defensive Guidance
First: 21.03.2026 15:17 Last: 21.03.2026 15:17 Sources 1

About this happening: A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...

Open Happening

SORVEPOTEL WhatsApp malware campaign spreads across Brazil

Campaign
First: 12.03.2026 19:31 Last: 12.03.2026 19:31 Sources 1

About this happening: A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...

Open Happening

Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign

Campaign
First: 09.03.2026 23:24 Last: 09.03.2026 23:24 Sources 1

About this happening: An **ongoing Russian state-sponsored phishing campaign** is targeting **Signal** and **WhatsApp** users, with the **UK NCSC** warning on **March 31** that **Russia-based actors**...

Open Happening

Timeline

  1. 14.01.2026 07:48 1 articles · 4mo ago

    CERT-UA attributes PLUGGYAPE attacks on Ukrainian defense forces to Void Blizzard

    Attribution Update

    CERT-UA attributed PLUGGYAPE attacks on Ukrainian defense forces to Void Blizzard with medium confidence, saying the operators used Signal and WhatsApp charity lures, password-protected archives, and a PyInstaller-built executable that deployed a Python backdoor communicating over WebSocket or MQTT.

    Show sources
    Open in new tab
  2. 14.01.2026 01:03 1 articles · 4mo ago

    Ukraine's Defense Forces charity-themed PluggyApe campaign

    Initial Disclosure

    The campaign began with **Signal or WhatsApp** messages that pointed targets to a charity-themed website and a password-protected archive. Early delivery used disguised files such as **.docx.pif** and later **PluggyApe** loaders to place the backdoor on targeted systems.

    Show sources
    Open in new tab