FISA

  Officials of Ukraine's Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. Ukraine's CERT says in a report that the attacks were likely launched by the Russian threat group known as 'Void Blizzard' and 'Laundry Bear', although there is medium confidence in attribution. Laundry Bear is the same threat group responsible for breaching the Dutch police's internal systems in 2024 and stealing sensitive information about officers. The hackers are known for focusing on NATO member states in attacks aligned with Russian interests that steal files and emails. The attacks observed by CERT-UA begin with instant messages over Signal or WhatsApp telling recipients to visit a website allegedly operated by a charitable foundation, and download a password-protected archive supposedly containing documents of interest. Instead, the archives contain executable PIF files (.docx.pif...