Gamaredon is targeting Ukrainian military personnel with spear-phishing emails containing malicious XHTML attachments. When opened, these attachments execute obfuscated JavaScript code to download a malicious archive.  It includes a LNK file that, when triggered, uses mshta.exe to execute a remote .tar archive hosted on TryCloudflare[.]com, which is designed to compromise the victims’ systems and potentially … Continue reading Russian APT group Attack Ukrainian Military Using Spear-Phishing