Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to
![]()
source https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html
source https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html