Russian APT targets Ukraine with BadPaw and MeowMeow malware
Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When […]
Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When opened, an HTA file displays a Ukrainian-language lure about border crossing appeals while secretly launching the infection chain.
“The attack chain initiates with a phishing email containing a link to a ZIP archive. Once
extracted, an initial HTA file displays a lure document written in Ukrainian concerning border
crossing appeals to deceive the victim.” reads the report published by ClearSky. “Simultaneously, the infection triggers the download of BadPaw, a .NET-based loader. Upon establishing command-and-control (C2) communication, the loader deploys MeowMeow, a sophisticated backdoor.”
Related breach coverage
- Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets2026-03-16
Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family […]
- Iran-nexus APT Dust Specter targets Iraq officials with new malware2026-03-06
A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry of Foreign Affairs in phishing messages that delivered previously unseen malware, including SPLITDROP, TWINTASK, TWINTALK, […]
- Amnesia RAT deployed in multi-stage phishing attacks against Russian users2026-01-27
A multi-stage phishing campaign targets users in Russia with ransomware and Amnesia RAT using fake business documents as lures. FortiGuard Labs researchers uncovered a multi-stage malware campaign mainly targeting users in Russia. The attack uses fake business documents as social engineering lures to distract victims while malware runs in the background. It escalates to full […]
- Suspected Russian hackers deploy CANFAIL malware against Ukraine2026-02-14
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional […]