Victor Zhora

CERT-UA has released its analytical report, "Cyber Threats: Ukraine" (Н2 2025). Experts synthesised findings from recent cyber incidents, mapped the evolution of hostile hacker groups, and detailed the adversary's novel tactics and techniques. cip.gov.ua/en/news/znizhe…

🇺🇦Ukraine's cyber defence ecosystem has undergone a major transformation since the Russian invasion, creating an important case for understanding modern cyber defence during a long-term active conflict. Our new policy brief examines how Ukraine has adapted its cyber defence architecture and identifies some critical lessons for NATO and allied countries. 👉Read the report: ccdcoe.org/library/public…

Russian cyber operations are synchronised with missile strikes. Physically hit a power plant, then deploy malware to prevent recovery and maximise panic. He calls it "cyber-artillery."

The Sidechannel: "Victor Zhora, the former architect of Ukraine's digital defence, now a soldier near the front line, delivered one of the most grounded perspectives on modern warfare. ⬇️

My keynote at V2 Security vimeo.com/1168408700

According to feedback, the arrival of glide bombs (KABs) nearby—which can be heard in the recording—made quite an impression on the audience of about 1,500 people. I’ll share the video link in the next post.

I also discussed Ukraine’s experience in countering cyber aggression, as well as what our European partners should do to properly prepare for the almost inevitable hybrid war.

At the end of last year, I was honoured by the invitation to deliver a keynote speech at Denmark’s largest cybersecurity conference, V2 Security. Understanding that during a combat mission it would likely be impossible for me to get in touch, I recorded the talk in advance.

Sednit, aka APT28/Fancy Bear 🐻🇷🇺 , is deploying two new potent hacking tools, Beardshell and Covenant, primarily targeting Ukrainian military personnel. My @ESETresearch colleagues analyze this GRU-homemade toolset in a new blogpost. welivesecurity.com/en/eset-resear…

While I was on a combat mission, The Resilient kindly published my essay "This is what the EU can learn about digital sovereignty from the war in Ukraine". The link is in the comments. Photo: Ali Lorestani/TT/Ritzau Scanpix

UAC-0001 (aka #APT28 or #FancyBear) exploits CVE-2026-21509 to target Ukraine and EU with COVENANT framework. Details (UA only): cert.gov.ua/article/6287250

@DanCimpean 🫡

Thanks for posting it @VZhora !!!

‼️At the end of last year, there was a series of coordinated attacks in Polish cyberspace. 📌Today, our team is publishing a report describing the technical analysis of these events. We show the scheme of operation and the tools used by the attackers. ➡️cert.pl/uploads/docs/C…

@UK_Daniel_Card Thank you sir, I’m well, hope ur too.

@VZhora No probs! Hope ur well dude! 🙏

A mass phishing alert targeting security and defense sector of Ukraine. The message incites to open a RAR archive with RAT enclosed which imitates an order. This activity is preliminary attributable to UAC-0200. Here’s a screenshot from my phone. A good attempt (actually not).

@UK_Daniel_Card I’m sorry, I’ve shared it with CERT-UA and deleted afterwards.

@VZhora have you got a sample/hash you can share?