Ransomware Attack Disrupts Operations at Lucknow Advertising Firm
The GIFTEDCROOK malware has undergone significant upgrades, transforming from a basic browser data stealer into a sophisticated intelligence-gathering tool. Recent campaigns in June 2025 have showcased its enhanced ability to exfiltrate sensitive documents, including proprietary files and browser secrets, particularly targeting Ukrainian governmental and military entities, according to a report by Arctic Wolf Labs.
Initially documented by Ukraine's Computer Emergency Response Team (CERT-UA) in April 2025, GIFTEDCROOK is linked to the hacking group UAC-0226. The malware is deployed through phishing emails containing macro-laden Microsoft Excel documents, which act as a gateway for infection.
Originally an information stealer, GIFTEDCROOK now harvests documents and files under 7 MB, specifically targeting those created or modified within the last 45 days. It searches for various file types, including .doc, .pdf, .xls, and .zip, among others.
The phishing campaigns utilize military-themed PDF lures to entice users into clicking links that lead to a macro-enabled Excel workbook. Once macros are enabled, GIFTEDCROOK is downloaded. The stolen information is then compressed into ZIP archives and sent to an attacker-controlled Telegram channel, cleverly avoiding detection by breaking larger files into smaller parts.
This evolution of GIFTEDCROOK signifies a shift towards targeted cyber espionage, posing significant risks to individuals in public sector roles and the networks they operate within. Arctic Wolf notes that the malware's development aligns with geopolitical events, particularly the ongoing negotiations between Ukraine and Russia, highlighting its role in enhancing data collection from compromised systems.
Comment(s)
Recent Posts
