
Pressure on Ukraine and Poland Continues

Published 20/08/2025 17:38 · Modified 20/08/2025 21:20


Essential information

Tags
2025-08-20, c++, cobalt strike, downloaders, espionage, infrastructure, poland, slack, ukraine, vba macros, xls
Related entities
1 intrusion set (APT), 14 techniques (MITRE ATT&CK), 1 malware, 4 others

Description

Recent analysis reveals two clusters of malicious archives targeting Ukraine and Poland since April 2025, linked to UAC-0057 (also known as UNC1151, FrostyNeighbor or Ghostwriter). The infection chains aim to collect system information and deploy implants for further exploitation, using readily available tools for obfuscation and packing. The threat actor's toolset and practices have evolved, including the use of Slack for C2 communication and transitions to new top-level domains. The campaigns consistently target Ukraine and Poland, with potential expansion to other European countries. Notable tactics include weaponized spreadsheets with obfuscated VBA macros, C# and C++ downloaders, and mimicking legitimate websites.
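The use of Slack as a C2 channel is the detail most worth hunting for, because the traffic blends into a sanctioned SaaS destination. The script below is an added example, not code from the original summary or from the report it condenses: it walks endpoint telemetry that records the initiating process, destination host and User-Agent for each outbound connection, and flags Slack API traffic from any process that is not a known Slack client or browser. The JSON-lines field names, the sample records, the client allowlist and the expected User-Agent prefixes are all assumptions to adapt to the fleet in question.

```python
"""Hunt for Slack API traffic from processes that should not be talking to Slack.

Added example (not the summarised report's tooling). Assumes per-connection
telemetry with the fields ts, host, image, dst and user_agent; every record
below is constructed, not real data.
"""
from __future__ import annotations

import json

# Hosts that carry the Slack Web API, webhooks and file uploads.
SLACK_HOSTS = {"slack.com", "api.slack.com", "files.slack.com", "hooks.slack.com"}

# Process images expected to reach Slack on a workstation (assumption: tune to
# the real software inventory; any other image reaching Slack is a finding).
EXPECTED_SLACK_CLIENTS = {
    "slack.exe", "chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe",
}

# User-Agent prefixes of the Slack desktop client and mainstream browsers
# (assumption). Scripted clients such as python-requests stand out.
EXPECTED_UA_PREFIXES = ("Slack_SSB/", "Mozilla/")

# Constructed JSON-lines sample: one legitimate desktop client, one browser,
# a LOLBin reaching files.slack.com and an unsigned binary polling the API.
SAMPLE_LOG = r"""
{"ts":"2025-08-20T10:01:02Z","host":"ws01","image":"C:\\Users\\a\\AppData\\Local\\slack\\slack.exe","dst":"api.slack.com","user_agent":"Slack_SSB/4.39.95"}
{"ts":"2025-08-20T10:04:17Z","host":"ws01","image":"C:\\Windows\\System32\\rundll32.exe","dst":"files.slack.com","user_agent":"Mozilla/5.0"}
{"ts":"2025-08-20T10:05:40Z","host":"ws02","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","dst":"slack.com","user_agent":"Mozilla/5.0 (Windows NT 10.0) Chrome/128.0"}
{"ts":"2025-08-20T10:06:03Z","host":"ws03","image":"C:\\Users\\Public\\update.exe","dst":"api.slack.com","user_agent":"python-requests/2.32.0"}
{"ts":"2025-08-20T10:07:11Z","host":"ws03","image":"C:\\Users\\Public\\update.exe","dst":"example.org","user_agent":"python-requests/2.32.0"}
"""


def parse_records(text: str) -> list[dict]:
    """Parse JSON-lines telemetry into dicts, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def basename(image: str) -> str:
    """Lower-cased file name of a Windows or POSIX image path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_slack_host(dst: str) -> bool:
    """True for the Slack apex, known API hosts and any *.slack.com subdomain."""
    host = dst.lower().rstrip(".")
    return host in SLACK_HOSTS or host.endswith(".slack.com")


def find_suspicious_slack_traffic(records: list[dict]) -> list[dict]:
    """Return Slack-bound records from unexpected processes or user agents.

    Each hit carries a 'reasons' list so an analyst sees why it fired.
    """
    hits = []
    for rec in records:
        if not is_slack_host(rec.get("dst", "")):
            continue
        reasons = []
        proc = basename(rec.get("image", ""))
        if proc not in EXPECTED_SLACK_CLIENTS:
            reasons.append(f"unexpected process {proc}")
        ua = rec.get("user_agent", "")
        if not ua.startswith(EXPECTED_UA_PREFIXES):
            reasons.append(f"non-browser user agent {ua!r}")
        if reasons:
            hits.append({**rec, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_slack_traffic(parse_records(SAMPLE_LOG)):
        print(hit["ts"], hit["host"], basename(hit["image"]), hit["dst"], "; ".join(hit["reasons"]))
```

The allowlist check is the one that catches a downloader or implant living in rundll32 or a dropped binary; the User-Agent check is a weaker secondary signal, since an implant can copy a browser string, so treat it as triage context rather than a standalone rule. Periodic polling of api.slack.com from the same non-browser image over hours is the pattern to look for next once a hit surfaces.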

External references