Threats Affecting Ukraine

View all threats affecting or targeting Ukraine. Filter and sort to focus on specific types of threats.

Matryoshka #3/3: Gamaredon's Gammasteel Infostealer

This analysis examines Gamaredon's (UAC-0010, Armagedon) advanced espionage operations targeting Ukrainian government, military, and critical infrastructure. The FSB-operated group deploys GammaSteel, a sophisticated stealer operating almost entirely from memory using Windows DPAPI encryption and storing 71 distinct payload functions in the HKCU\Printers registry key. The malware employs three concurrent data acquisition mechanisms: timed drive scans, USB monitoring for air-gapped systems, and real-time file surveillance. Exfiltration occurs via legitimate S3-compatible cloud storage (Tebi.io) with fallback to operator-controlled servers. The infection chain extensively uses VBScript for evasion, Dead Drop Resolvers on platforms like Telegram and Mastodon for C2 configuration, and includes bidirectional backdoor capabilities enabling arbitrary remote code execution. Infrastructure demonstrates high automation with servers rotated approximately every 24 hours.

FSB’s matryoshka #2/3 – Gamaredon’s gifts that keeps unpacking – GammaLoad

Gamaredon, an FSB-operated cyberespionage group, continues targeting Ukrainian government, military, and critical infrastructure through sophisticated multi-stage infection chains. This analysis examines GammaLoad, a collection of VBScript loaders that establish continuous access through three distinct stages. The malware leverages Dead Drop Resolvers on legitimate platforms including Telegram, Telegraph, and Check-Host to maintain persistent C2 communications while storing configurations in Windows registry keys. Each stage employs different techniques: the first fingerprints hosts and uses failover mechanisms, the second writes payloads to Alternate Data Streams and establishes persistence via scheduled tasks, and the third executes obfuscated PowerShell to deliver the final GammaSteel payload. This matryoshka architecture enables operators to deploy arbitrary payloads while remaining largely invisible by abusing trusted Windows features and cloud platforms.

GreyVibe hackers use ChatGPT, Gemini to power cyberattacks

A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]
