Cyber-Threat Spotlight: The Ukraine_2021.7z Malware Campaign
: Attackers used visually identical Cyrillic characters to spoof document extensions, making a malicious archive appear as a harmless Word document (e.g., .doc ). Ukraine_2021.7z
The campaign succeeded by exploiting a flaw in . The vulnerability allowed attackers to bypass Mark-of-the-Web (MotW) , a Windows feature that flags internet-downloaded files as untrusted. Cyber-Threat Spotlight: The Ukraine_2021
This file is a used in spear-phishing campaigns. Attackers sent these files—often from previously compromised official accounts—to targets including the Ukrainian Ministry of Justice and public utilities like Kyivпастранс (Kyiv Public Transportation Service). The Zero-Day Exploit: CVE-2025-0411 This file is a used in spear-phishing campaigns
According to reports from Trend Micro and other researchers, the affected entities include: Ministry of Justice of Ukraine Kyiv Water Supply Company (Kyivводоканал) Zaporizhzhia Automobile Plant (ZAZ) Kyiv Public Transportation (Kyivпастранс) How to Protect Yourself