Start your day with intelligence. Get The OODA Daily Pulse.

Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. The activity has been attributed with moderate confidence to a Russian hacking group known as Gamaredon. The threat actor, assessed to be affiliated with Russia’s Federal Security Service (FSB), is known for its targeting of Ukrainian organizations for espionage and data theft. The latest campaign is characterized by the distribution of Windows shortcut (LNK) files compressed inside ZIP archives, disguising them as Microsoft Office documents related to the ongoing Russo-Ukrainian war to trick recipients into opening them. It’s believed these archives are sent via phishing emails.

Read more: https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html