logo

New GhostShell Hacking Group Targets Ukraine’s Drone Defense Sector

ID: 329f6622-b547-5f23-ad66-61af2354d3b5

STIX ID: report--329f6622-b547-5f23-ad66-61af2354d3b5

Feed Name: HackRead

Threat Score
70/100

Date Published: 2026-06-24

Date Updated: 2026-06-24

Author: Deeba Ahmed

...
...

GhostShell (tracking label MB-0009) is an active cybercriminal campaign discovered targeting Ukraine’s drone sector; attackers send a malicious archive (Besomar_documentation.rar) that drops a startup script, downloads payloads (122.exe, 22.exe, update.exe) from cloudaxiscc, and uses cdnexpress.cc and a Telegram-linked C2 to exfiltrate screenshots, system identifiers, saved credentials and cryptocurrency wallet data (Vidar v2). Synaptic Systems published technical findings and cautioned against premature attribution since language and decoy content can be faked.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.