: Attributed to TA416 (also known as Mustang Panda or Red Delta ), a China-based threat group known for targeting diplomatic and government entities.
For further reading, you can access the comprehensive threat intelligence reports from Proofpoint and the National Security Archive . Ukraine.zip
: Malicious emails were sent with subject lines or attachments related to the war, such as "Situation at the EU borders with Ukraine.zip". Technical Details & Infection Chain : Attributed to TA416 (also known as Mustang
: The victim receives an email containing a link to a malicious file, often hosted on legitimate services like Dropbox. Technical Details & Infection Chain : The victim
The search for a "full paper" titled "" typically refers to reports on a specific phishing and cyberespionage campaign that emerged shortly before and during the 2022 Russian invasion of Ukraine. In this context, "Ukraine.zip" refers to a malicious archive file used as a lure by state-sponsored threat actors. Overview of the "Ukraine.zip" Campaign
Detailed technical papers describe a multi-stage infection process designed to evade detection: