<ul><li>Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader.</li><li>Talos researchers warn that Gamaredon is behind the spear-phishing attacks targeting Ukrainian entities since 2014.</li><li>The campaign, active since November 2024, involves distributing LNK files disguised as Office documents.</li><li>Gamaredon uses PowerShell downloader and DLL sideloading to execute the Remcos backdoor payload.</li></ul>

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Discover more