New GhostShell Hacking Group Targets Ukraine’s Drone Defense Sector
ID: 329f6622-b547-5f23-ad66-61af2354d3b5
STIX ID: report--329f6622-b547-5f23-ad66-61af2354d3b5
Feed Name: HackRead
GhostShell (tracking label MB-0009) is an active cybercriminal campaign discovered targeting Ukraine’s drone sector; attackers send a malicious archive (Besomar_documentation.rar) that drops a startup script, downloads payloads (122.exe, 22.exe, update.exe) from cloudaxiscc, and uses cdnexpress.cc and a Telegram-linked C2 to exfiltrate screenshots, system identifiers, saved credentials and cryptocurrency wallet data (Vidar v2). Synaptic Systems published technical findings and cautioned against premature attribution since language and decoy content can be faked.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
