APT28, a Russian state-sponsored hacking group, has been using Signal chats to target Ukrainian government entities with new malware families, BeardShell and SlimAgent. These attacks involve phishing tactics to deliver malicious documents that exploit Windows vulnerabilities, allowing for data exfiltration and unauthorized access to sensitive information. CERT-UA has identified these activities, emphasizing the need for vigilance against threats linked to Signal's usage.

Russian malware known as Spypress is exploiting vulnerabilities in webmail services to spy on Ukrainian users, particularly targeting Gmail and Yahoo accounts. The malware facilitates unauthorized access to sensitive information, raising significant security concerns amid ongoing conflict.

A new wiper malware, dubbed "PathWiper," has been used in a destructive cyberattack against critical infrastructure in Ukraine. Conducted through a legitimate endpoint administration framework, the attack showcases a sophisticated understanding of the victim's environment by the attackers, likely associated with Russian nation-state actors.

A recent phishing campaign targeting Ukraine impersonates government agencies, using malicious SVG files to deliver malware including Amatera Stealer and PureMiner. Upon opening the attachment, victims unwittingly download a CHM file that executes a series of malicious actions, ultimately compromising sensitive information and hijacking system resources.