Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. The activity has been attributed with moderate confidence to a Russian hacking group known as Gamaredon. The threat actor, assessed to be affiliated with Russia’s Federal Security Service (FSB), is known for its targeting of Ukrainian organizations for espionage and data theft. The latest campaign is characterized by the distribution of Windows shortcut (LNK) files compressed inside ZIP archives, disguising them as Microsoft Office documents related to the ongoing Russo-Ukrainian war to trick recipients into opening them. It’s believed these archives are sent via phishing emails.

Read more: https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html