Ukrainian Defense Forces were attacked by a charity-themed malware campaign delivering backdoor malware called PluggyApe, likely linked to the Russian threat groups Void Blizzard and Laundry Bear. The campaign used deceptive messages to lure victims into downloading malicious files disguised as documents. CERT-UA warns that mobile devices are increasingly targeted due to their weaker security.