Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Multi-stage phishing campaign targeting users in Russia with Amnesia RAT and ransomware

Campaign
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

A multi-stage phishing campaign is targeting users in Russia, delivering Amnesia RAT and ransomware that enable credential theft, remote control, and destructive payload execution. The operation matters because it combines staged delivery, cloud-hosted payloads, and security evasion to increase compromise success and resilience.

Related Happenings

ModeloRAT malicious PowerShell and Dropbox delivery activity

Malware Activity
First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...

Open Happening

ACSC ClickFix mitigation guidance for Vidar Stealer

Advisory/Mitigation
First: 07.05.2026 21:00 Last: 07.05.2026 21:00 Sources 1

About this happening: The **ACSC** issued mitigation guidance for an **ongoing ClickFix campaign** that is pushing **Vidar Stealer** through **malicious PowerShell commands**, increasing credential-the...

Open Happening

APT28 Windows Shell LNK campaign targeting Ukraine and E.U. nations

Campaign
First: 28.04.2026 08:50 Last: 28.04.2026 08:50 Sources 1

About this happening: A **December 2025** **APT28** campaign targeted **Ukraine** and **E.U. nations** with a **malicious Windows Shortcut (LNK)** chain that bypassed **Microsoft Defender SmartScreen**...

Open Happening

REF6598 Obsidian social-engineering campaign targeting finance and crypto users

Campaign
First: 16.04.2026 14:02 Last: 16.04.2026 14:02 Sources 1

About this happening: The **REF6598** operation is using **LinkedIn**, **Telegram**, and **Obsidian** to deliver **PHANTOMPULSE**, creating a targeted intrusion path into **financial** and **cryptocurr...

Open Happening

UAC-0247 phishing-led malware campaign targeting Ukrainian government and healthcare institutions

Campaign
First: 16.04.2026 09:20 Last: 16.04.2026 09:20 Sources 1

About this happening: A **March-April 2026** **UAC-0247** phishing campaign targeted **Ukrainian government** and **municipal healthcare organizations**, using **malware delivery** to steal data from *...

Open Happening

Timeline

  1. 24.01.2026 13:09 2 articles · 4mo ago

    Fortinet discloses Russia-targeted multi-stage phishing campaign

    Initial Disclosure

    Fortinet FortiGuard Labs described a multi-stage phishing campaign targeting users in Russia that uses business-themed documents, malicious LNK files, PowerShell, GitHub-hosted scripts, Dropbox-hosted binaries, and defendnot to disable Microsoft Defender before delivering Amnesia RAT and a Hakuna Matata-derived ransomware.

    Show sources
    Open in new tab