Find notable cyber news and cases, enriched with sources, timelines, and signals.

CANFAIL phishing campaign impersonating Ukrainian energy organizations

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

A previously undocumented threat actor is running a CANFAIL phishing campaign that impersonates Ukrainian energy organizations to gain unauthorized access to email accounts. The operation expands risk to defense, military, government, energy, and related organizations in Ukraine and nearby regions. It uses LLM-generated lures, Google Drive links, and a RAR archive to deliver malware.

Related Happenings

Russian intelligence Signal recovery-key phishing campaign

Campaign
H score29 First: 29.06.2026 11:15 Last: 29.06.2026 11:15 Sources 1

About this happening: An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...

Russian intelligence services fake support SMS messaging-account phishing campaign

Campaign
H score29 First: 27.06.2026 20:27 Last: 27.06.2026 20:27 Sources 1

About this happening: A **long-running phishing campaign** by **Russian intelligence services** is stealing **messaging-account credentials** from officials, military personnel, politicians, and activi...

Turla STOCKSTAY phishing campaign targeting Ukraine and Europe

Campaign
H score37 First: 26.06.2026 10:15 Last: 26.06.2026 10:15 Sources 1

About this happening: Turla's **STOCKSTAY** phishing campaign is targeting **government and military organizations in Ukraine** and selected **European entities**, extending a recurring espionage opera...

GREYVIBE's Kremlin-aligned role in the Russian cybercrime ecosystem

Threat Actor Meta
H score15 First: 29.05.2026 14:31 Last: 29.05.2026 14:31 Sources 1

About this happening: A newly characterized **GREYVIBE** actor sits in a **grey zone** between **Kremlin-aligned intelligence work** and the **Russian cybercrime ecosystem**, complicating attribution f...

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
H score39 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...

Timeline

  1. 13.02.2026 19:27 2 articles · 4mo ago

    GTIG discloses CANFAIL phishing campaign against Ukrainian energy organizations

    Initial Disclosure

    Google Threat Intelligence Group attributed a previously undocumented threat actor to CANFAIL phishing against Ukrainian organizations, including impersonation of legitimate national and local Ukrainian energy organizations to gain unauthorized access to organizational and personal email accounts. GTIG assessed possible links to Russian intelligence services and said the same group also targeted defense, military, government, and energy entities in Ukraine while using LLM-generated lures, Google Drive links to a RAR archive, and malware disguised as *.pdf.js.

    Show sources