Digital Security Lab Ukraine

195 posts

Digital Security Lab Ukraine

Digital Security Lab Ukraine

@DSLab_Ukraine

we help Ukrainian nonprofits with digital safety issues

Katılım Haziran 2018
68 Takip Edilen331 Takipçiler
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
3/3 Indicators (defanged): 🔗 103[.]160[.]59[.]97 🔗 89[.]125[.]66[.]183 🌐 secure-dns-hub[.]com 📧 KovalPavloUrc@proton.me 📦 Files.vhdx inside a password-protected ZIP Full IoCs + analysis in the report
English
0
0
2
44
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
2/3 What makes it sneaky 👇 The first email has NO attachment. The malicious file arrives ONLY after you reply asking for it - so it slips past bulk scanning and reaches only engaged targets. The payload hides inside a virtual disk (VHDX) to dodge Windows' download warning.
English
1
0
2
61
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
1/3DSLU uncovered a targeted phishing campaign against Ukrainian civil society - advocacy groups, journalists, and economists. The lure: fake #URC2026 Ukraine Recovery Conference invitations that quietly install Windows malware. Full report: dslua.org/publications/s…
Digital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet media
English
1
4
6
536
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
🚨 DSLU analyzed a spearphishing campaign targeting Ukrainian organizations, attributed with moderate confidence to UAC-0050. The attackers impersonate Ukraine’s State Tax Service and deliver LiteManager Pro RAT via password-protected archives hosted on Backblaze.
Digital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet media
English
1
3
10
576
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
Threat actors are adapting @signalapp phishing campaigns: Ukrainian users now receive messages allegedly from Signal about “mandatory 2FA” due to ongoing attacks. No codes are requested yet – this is a trust-building step before attempts to steal login codes and hijack accounts.
Digital Security Lab Ukraine tweet media
English
0
2
6
376
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
IOCs: Domains: www[.]saas[.]successint[.]org pub-f2449c7fa66a473db1ad9323672392cf[.]r2[.]dev rushdayz[.]com URL paths: /pta/grd /index.html?eta= /z/api.php?action=save
English
0
0
2
41
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
IOCs: 🔺Domains: ln[.]run badge-verified0903261[.]vercel[.]app 🔺URLs: hxxps://ln[.]run/badge-verified0903261 hxxps://badge-verified0903261[.]vercel[.]app/index1[.]html Detailed analysis and more IOCs: dslua.org/publications/m…
English
0
0
4
43
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
Large-scale phishing attacks keep evolving, abusing trusted platforms like Google, Cloudflare, Vercel, and Telegram. Pre-built kits enable massive scaling. A new “Meta Verified” tactic steals credentials and bypasses 2FA in real time via Telegram exfiltration.
Digital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet media
English
1
2
5
172
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
SHA-256: 4362f67ab65cca32fb610e62745aac7d8587a7bac46e5a6c89db8b4a9c7e9458 f78944a2699b21fb34fc9c1c7c0ae7ca16c709bf72cbc15ad0cdaa66bec8d1bd ad8a491018f5c5edecfc75ec3a3627aa04a26019ce87c8f236bb400ec35c3244 a0e709c0df0e38b30a2283dc5c1667c852d212952cc4db18c364d35a70ca0c96
Français
0
0
3
93
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
IOCs: 46.4.92[.]6 64.20.61[.]146 pixeldrain[.]com id[.]remoteutilities[.]com Payload: Remote Utilities rutserv.exe, rfusclient.exe
Français
1
0
3
215
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
Today we observed an active phishing campaign linked to Russia-aligned threat actors. Emails impersonated Ukrainian government institutions and delivered malicious attachments. The campaign is aimed at infecting Windows endpoints and establishing persistent remote access.
Digital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet mediaDigital Security Lab Ukraine tweet media
English
1
3
8
3K
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
Find more domains on @ValidinLLC : CERT_FINGERPRINT-HOST: 1fa3e6f0a65b7429219022eee3a7976f6761aba0 HOST-JARM: 27d27d27d00027d00042d43d00041df04c41293ba84f6efe3a613b22f983e6
Français
0
0
3
45
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
DSLU is tracking a phishing campaign targeting Facebook accounts. Attackers are abusing Meta Business Suite invites and using two attack vectors: a link to a phishing website and a link prompting users to join a fake Facebook page.
Digital Security Lab Ukraine tweet media
English
1
0
3
170
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
👉 IOCs: ukr-one[.]ors-oc[.]info ukr-one[.]connect-all[.]org ukr-one[.]2dotz[.]org ukr-one[.]naturalbd[.]org ukr-one[.]seateur[.]info ukr-one[.]mirrisunkov[.]cyou
English
1
0
1
43
Digital Security Lab Ukraine
Digital Security Lab Ukraine@DSLab_Ukraine·
⚠️ Attackers are using hacked Telegram accounts to spread fake invitations to “vote for kids in a drawing contest.” The links lead to phishing sites stealing account credentials.
Digital Security Lab Ukraine tweet media
English
1
0
3
277