Multi-Stage Phishing Campaign Targeting Russia with Amnesia RAT and Ransomware

First reported

24.01.2026 13:09

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A sophisticated multi-stage phishing campaign is targeting users in Russia, employing social engineering tactics to deliver ransomware and Amnesia RAT. The attack begins with business-themed documents that appear benign but contain malicious scripts and payloads distributed via GitHub and Dropbox. The campaign leverages multiple public cloud services to enhance resilience and uses defendnot to disable Microsoft Defender. The malware suppresses visibility, neutralizes endpoint protection, conducts reconnaissance, and deploys payloads capable of data theft, remote control, and financial fraud.

Timeline

24.01.2026 13:09 1 articles · 23h ago

Multi-Stage Phishing Campaign Targeting Russia with Amnesia RAT and Ransomware
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and Amnesia RAT. The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign. The campaign uses multiple public cloud services to distribute different kinds of payloads, with GitHub mainly used to distribute scripts and Dropbox for binary payloads. The malware suppresses visibility, neutralizes endpoint protection, conducts reconnaissance, and deploys payloads capable of data theft, remote control, and financial fraud.
Show sources

Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware — thehackernews.com — 24.01.2026 13:09
Open in new tab

Information Snippets

The campaign uses business-themed documents with malicious scripts and payloads distributed via GitHub and Dropbox.
First reported: 24.01.2026 13:09

1 source, 1 article
Show sources
- Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware — thehackernews.com — 24.01.2026 13:09
The attack leverages defendnot to disable Microsoft Defender by registering a fake antivirus product.
First reported: 24.01.2026 13:09

1 source, 1 article
Show sources
- Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware — thehackernews.com — 24.01.2026 13:09
Amnesia RAT is deployed to steal data from browsers, cryptocurrency wallets, and other applications.
First reported: 24.01.2026 13:09

1 source, 1 article
Show sources
- Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware — thehackernews.com — 24.01.2026 13:09
The ransomware is derived from the Hakuna Matata family and encrypts various file types while modifying clipboard contents to reroute cryptocurrency transactions.
First reported: 24.01.2026 13:09

1 source, 1 article
Show sources
- Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware — thehackernews.com — 24.01.2026 13:09
The campaign involves multiple stages, including suppression of visibility, neutralization of endpoint protection, and deployment of payloads.
First reported: 24.01.2026 13:09

1 source, 1 article
Show sources
- Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware — thehackernews.com — 24.01.2026 13:09