Ethical Hacking News

Uncovering the Sophisticated Cyber Attacks Targeting Ukraine: A Deeper Dive into GIFTEDCROOK Stealer


A sophisticated cyber attack targeting Ukrainian institutions has been linked to the deployment of GIFTEDCROOK Stealer via malicious Excel files. This article delves into the context surrounding this attack, exploring the tactics, techniques, and procedures employed by the attackers and discussing the implications for cybersecurity professionals.

  • The Ukrainian government is facing a surge in sophisticated cyber attacks targeting military formations, law enforcement agencies, and local self-government bodies near the country's eastern border.
  • A new set of cyber attacks has been detected using phishing emails with macro-enabled Microsoft Excel spreadsheets (XLSM) that deploy two pieces of malware: a PowerShell script and the previously undocumented GIFTEDCROOK stealer.
  • The attackers use tactics such as file names and email subject lines referencing relevant and sensitive issues to trick victims into opening the documents.
  • The GIFTEDCROOK stealer is designed to steal sensitive data from web browsers like Google Chrome, Microsoft Edge, and Mozilla Firefox.
  • The attack campaign has not been directly linked to a specific country of origin, but highlights the need for robust cybersecurity defenses against file-based attacks.



    The cybersecurity landscape has witnessed an uptick in sophisticated cyber attacks targeting Ukrainian institutions, with a recent revelation highlighting the deployment of a previously undocumented stealer dubbed GIFTEDCROOK, delivered via malicious Excel files. This article aims to provide an in-depth examination of the context surrounding this attack, exploring the tactics, techniques, and procedures (TTPs) employed by the attackers and discussing the implications for cybersecurity professionals.

    According to reports from the Computer Emergency Response Team of Ukraine (CERT-UA), a new set of cyber attacks has been detected targeting military formations, law enforcement agencies, and local self-government bodies located near Ukraine's eastern border. The activity is characterized by the distribution of phishing emails containing macro-enabled Microsoft Excel spreadsheets (XLSM). The macros embedded in these files run when the document is opened, facilitating the deployment of two pieces of malware: a PowerShell script from the PSSW100AVB repository and the previously undocumented GIFTEDCROOK stealer.

    The attackers have employed various tactics to trick prospective victims into opening the documents. File names and email subject lines reference relevant and sensitive issues such as demining, administrative fines, UAV production, and compensation for destroyed property. These details are intended to lend the messages a veneer of legitimacy, increasing the likelihood that recipients will click on the attachments.

    Upon opening the malicious Excel file, the embedded macro code executes the malware without the user's knowledge or consent. This behavior is reminiscent of other macro-enabled Office documents that have been used in phishing campaigns targeting organizations worldwide. The use of macro-enabled files as a vector for malware distribution has become increasingly prevalent due to their ease of creation and dissemination.
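    Because the delivery vector here is a macro-enabled spreadsheet, the first check a mail gateway or analyst can make on an attachment is structural: OOXML workbooks are ZIP containers, a VBA project is stored as `xl/vbaProject.bin`, and the `[Content_Types].xml` manifest declares the macro-enabled content type. The following Python is an added example, not code from this article, CERT-UA or any vendor; it assumes the attachment bytes have already been extracted from the email, and the two sample workbooks it inspects are constructed in memory for the demonstration (the VBA part is placeholder bytes, not a real project).

```python
"""Triage helper for macro-enabled Office attachments (added example).

Inspects an OOXML attachment for a VBA project and for the macro-enabled
content type, and flags a .xlsx that secretly carries macros. The sample
workbooks are constructed in memory; they are not real Excel files.
"""
import io
import zipfile

MACRO_PART = "xl/vbaProject.bin"
MANIFEST = "[Content_Types].xml"
MACRO_CONTENT_TYPE = "application/vnd.ms-excel.sheet.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = (
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"
)


def build_sample_workbook(macro_enabled: bool) -> bytes:
    """Build a minimal OOXML-style ZIP. Constructed sample for the demo only."""
    main_ct = MACRO_CONTENT_TYPE if macro_enabled else PLAIN_CONTENT_TYPE
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/xl/workbook.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(MANIFEST, content_types)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if macro_enabled:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr(MACRO_PART, b"\xd0\xcf\x11\xe0placeholder-vba-project")
    return buf.getvalue()


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Return triage findings for one attachment.

    has_vba_project: the ZIP contains xl/vbaProject.bin.
    declares_macro_enabled: the manifest declares a macroEnabled content type.
    extension_mismatch: macros present but the name claims a plain .xlsx.
    verdict: "quarantine" when macros are present, otherwise "allow".
    """
    findings = {
        "filename": filename,
        "is_ooxml": False,
        "has_vba_project": False,
        "declares_macro_enabled": False,
        "extension_mismatch": False,
        "verdict": "allow",
    }
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings  # not a ZIP container, so not OOXML; out of scope here
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if MANIFEST not in names:
            return findings  # a ZIP without the OOXML manifest
        findings["is_ooxml"] = True
        findings["has_vba_project"] = MACRO_PART in names
        manifest = zf.read(MANIFEST).decode("utf-8", "replace")
        findings["declares_macro_enabled"] = "macroEnabled" in manifest

    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    has_macros = findings["has_vba_project"] or findings["declares_macro_enabled"]
    # A .xlsx carrying a VBA project is a renamed macro file: flag it explicitly.
    findings["extension_mismatch"] = has_macros and ext == "xlsx"
    if has_macros:
        findings["verdict"] = "quarantine"
    return findings


def triage(attachments: dict) -> list:
    """Return the names of attachments that should be quarantined."""
    return [
        name for name, data in attachments.items()
        if inspect_attachment(name, data)["verdict"] == "quarantine"
    ]


if __name__ == "__main__":
    # Constructed sample mailbox: one plain workbook, one macro-enabled one.
    samples = {
        "fines_notice.xlsx": build_sample_workbook(False),
        "demining_report.xlsm": build_sample_workbook(True),
    }
    for name, data in samples.items():
        print(inspect_attachment(name, data))
    print("quarantine:", triage(samples))
```

    The check only establishes that a VBA project is present, not that it is malicious; it is meant as a gate that routes macro-bearing attachments to sandbox detonation or a block policy rather than as a verdict on the code inside. Reading the manifest as well as looking for the part catches the case where one indicator has been tampered with, and the extension check catches a macro file renamed to `.xlsx` to look harmless.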

    The GIFTEDCROOK stealer, specifically, is designed to facilitate the theft of sensitive data from web browsers like Google Chrome, Microsoft Edge, and Mozilla Firefox. This includes cookies, browsing history, and authentication data, which can be exploited for malicious purposes such as identity theft or further targeted attacks.

    The attack campaign, attributed to the threat cluster UAC-0226, has not been directly linked to a specific country of origin. However, the use of a previously undocumented stealer indicates that the attackers are continuing to adapt and evolve their tactics, making it challenging for cybersecurity professionals to detect and respond to these threats in a timely manner.

    The deployment of GIFTEDCROOK Stealer via malicious Excel files highlights the importance of maintaining robust cybersecurity defenses against file-based attacks. It also underscores the need for employees to exercise caution when interacting with unsolicited emails or attachments, even if they appear to be legitimate.

    In conclusion, the recent discovery of GIFTEDCROOK Stealer and its deployment via malicious Excel files serves as a stark reminder of the evolving threat landscape in the cybersecurity realm. As attackers continue to adapt and refine their tactics, it is crucial for organizations to stay vigilant and maintain proactive cybersecurity measures to mitigate these types of threats.


    Related Information:
  • https://www.ethicalhackingnews.com/articles/Uncovering-the-Sophisticated-Cyber-Attacks-Targeting-Ukraine-A-Deeper-Dive-into-GIFTEDCROOK-Stealer-ehn.shtml

  • https://thehackernews.com/2025/04/uac-0226-deploys-giftedcrook-stealer.html


  • Published: Tue Apr 8 07:56:37 2025 by llama3.2 3B Q4_K_M