Ukraine is a country tracked across 50 threat clusters and 2461 intelligence report mentions on ThreatCluster. First observed October 23, 2025; most recent activity July 17, 2026.
A cyberattack targeting Poland's energy grid in December has been linked to a Russian government-affiliated hacking group. The attack affected 30 wind and photovoltaic farms and prompted the Cybersecurity and…
In December 2025, Poland's power grid was targeted by a sophisticated cyberattack attributed to Russia's Federal Security Service (FSB). The attack aimed to disrupt communication between renewable energy systems and…
The FBI and partners disrupted a covert network of compromised TP-Link and MikroTik routers exploited by the Russian GRU (APT28) to steal Outlook credentials. This operation, known as Operation Masquerade, revealed that…
Russian state-backed hackers from APT28 are actively exploiting a high-severity stored cross-site scripting vulnerability (CVE-2025-66376) in the Zimbra Collaboration Suite (ZCS) to target Ukrainian government entities.…
The Russian state-backed hacking group Sandworm has intensified its operations against Ukrainian organizations by deploying data-wiping malware. This campaign targets critical sectors, including the grain industry, and…
Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…
The GhostShell malware cluster is actively targeting Ukraine’s UAV operations and defense supply chain. Utilizing advanced techniques such as mTLS-authenticated implants and Telegram-based loaders, the attackers gain…
On May 24, 2026, Russia launched a nuclear-capable Oreshnik missile at Ukraine, targeting the capital, Kyiv. The missile strike was accompanied by drone attacks, resulting in significant destruction and casualties.…
On June 25, 2026, Ukraine's Security Service (SBU) and the FBI announced a coordinated cyber campaign by Russian intelligence targeting messaging accounts of officials, military personnel, politicians, and activists in…
The Google Threat Intelligence Group has identified DarkSword, a full-chain iOS exploit affecting versions 18.4 to 18.7. This exploit leverages multiple zero-day vulnerabilities, including CVE-2025-31277 and…