Ukraine Military Targeted: New Charity Malware

by priyanka.patel tech editor

Kyiv – Ukrainian Defence Forces officials were targeted between October and December 2025 in a sophisticated malware campaign disguised as charitable appeals, delivering a backdoor called PluggyApe. The attacks highlight a growing trend of threat actors leveraging altruistic themes to infiltrate sensitive systems.

Charity-Themed Attacks Linked to Russian Hackers

Ukraine’s CERT reports a likely connection to the Russian-affiliated groups Void Blizzard and Laundry Bear, though attribution remains at a medium confidence level.

The Ukrainian Computer Emergency Response Team (CERT-UA) detailed the attacks in a recent report, noting the probable involvement of Void Blizzard and Laundry Bear. Laundry Bear previously gained notoriety for breaching the Dutch police’s internal systems in 2024, resulting in the theft of sensitive officer information.

What is PluggyApe? PluggyApe is a backdoor designed to profile compromised systems, exfiltrate data – including a unique victim identifier – and await further instructions from attackers. It establishes persistence through modifications to the Windows Registry.

These hackers are known for concentrating their efforts on NATO member states, conducting espionage activities aligned with Russian interests and focused on stealing files and emails, according to Microsoft security researchers.

The attacks begin with instant messages sent via Signal or WhatsApp, enticing recipients to visit a website purportedly run by a charitable foundation. These messages prompt users to download a password-protected archive containing supposedly relevant documents.

Malicious message lures
Source: CERT-UA

However, the archives don’t contain charitable documents. Instead, they harbor executable PIF files (.docx.pif) and the PluggyApe payload, sometimes delivered directly through the messaging apps. The malicious PIF files are executables created using PyInstaller, an open-source tool for packaging Python applications into self-contained bundles.
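The double-extension naming described above (.docx.pif) can be checked at a mail or file gateway without opening the archive. The following is an added example, not code from CERT-UA or the original report. It assumes the archive is a ZIP, where entry names stay readable even when the contents are password-protected; the extension lists and function names are illustrative assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows treats as programs; .pif is the one named in the report.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".lnk"}
# Document/image extensions used as the decoy half of the name (assumed list).
DECOY_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".rtf", ".txt", ".jpg", ".png"}


def is_masquerading(name: str) -> bool:
    """True when a name ends in <decoy ext><executable ext>, e.g. list.docx.pif."""
    # Windows ignores trailing dots and spaces, so normalise before parsing.
    suffixes = [s.strip().lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def scan_archive(data: bytes) -> list[dict]:
    """List ZIP entries with a decoy+executable name; works without the password."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir() and is_masquerading(info.filename):
                findings.append({
                    "name": info.filename,
                    # Bit 0 of the general-purpose flags marks an encrypted entry.
                    "encrypted": bool(info.flag_bits & 0x1),
                })
    return findings


def build_sample() -> bytes:
    """Constructed, harmless test archive; names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("appeal/donation_list.docx.pif", b"constructed placeholder")
        zf.writestr("appeal/readme.docx", b"constructed placeholder")
        zf.writestr("appeal/notes.v2.txt", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample()):
        print(finding)
```

A hit on an entry that is also marked encrypted is worth quarantining for manual review, since the content itself cannot be scanned without the password.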

Fake charity website
Source: CERT-UA
