CANFAIL phishing-delivered PowerShell dropper chain
Malware Activity
Summary
The CANFAIL malware chain is being delivered through phishing lures and disguised attachments, creating a path to PowerShell-based execution and a fake error screen that can mask compromise. That combination raises the odds of successful infection and makes detection harder for targeted users.
Related Happenings
LeakNet ClickFix compromised-website targeting campaign
Campaign
First: 17.03.2026 16:34
Last: 17.03.2026 16:34
Sources 1
About this happening:
The **LeakNet** ransomware operation has shifted to **ClickFix** delivery through **compromised websites**, broadening its initial access playbook and making compromise harder to...
CANFAIL phishing campaign impersonating Ukrainian energy organizations
Campaign
First: 13.02.2026 19:27
Last: 13.02.2026 19:27
Sources 1
How related:
Recent phishing campaigns have involved the threat actor impersonating legitimate national and local Ukrainian energy organizations to obtain unauthorized access to organizational and personal email accounts.
About this happening:
A **previously undocumented threat actor** is running a **CANFAIL phishing campaign** that impersonates **Ukrainian energy organizations** to gain unauthorized access to email acc...
Multi-stage AitM phishing and BEC campaign against energy-sector organizations
Campaign
First: 23.01.2026 10:25
Last: 23.01.2026 10:25
Sources 1
About this happening:
A **multi-stage AitM phishing** and **BEC** operation is targeting **multiple energy-sector organizations**, creating immediate risk of credential theft and unauthorized mailbox a...
Timeline
- 13.02.2026 19:27 2 articles · 3mo ago
GTIG attributes CANFAIL phishing chain to attacks on Ukrainian organizations
Technical Analysis Update
Google Threat Intelligence Group attributed CANFAIL attacks against Ukrainian organizations to a previously undocumented threat actor and described a delivery chain that uses phishing lures, Google Drive links, a RAR archive, and a disguised `*.pdf.js` file to launch obfuscated JavaScript, which runs a PowerShell script and a memory-only PowerShell dropper.
Sources
- Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs — thehackernews.com — 13.02.2026 19:27