PhantomCaptcha: Multi‑Stage WebSocket RAT Targets Ukraine in Single‑Day Spearphishing Operation
On October 8, 2025, SentinelLABS identified a coordinated spearphishing operation that targeted organizations critical to Ukraine’s war relief efforts. Attackers sent emails posing as the Ukrainian President’s Office, containing an 8‑page PDF attachment (SHA‑256: e8d0943042e34a37ae8d79aeb4f9a2fa07b4a37955af2b0cc0e232b79c2e72f3). The PDF, designed to appear as a legitimate governmental communique, embedded a malicious link that deployed a sophisticated WebSocket RAT. Victims included the International Committee of the Red Cross, UNICEF Ukraine, the Norwegian Refugee Council, the Council of Europe’s Register of Damage for Ukraine, and several Ukrainian regional administrations. VirusTotal submissions from October 8 showed the file was uploaded from multiple locations worldwide, indicating a wide‑scale delivery effort. The attack chain leveraged user trust and bypassed conventional security controls, highlighting the need for heightened email vigilance and advanced threat detection.
Who We Work With
Empowering industries with secure, intelligent digital solutions.
We partner with a wide range of sectors — helping each one solve unique challenges with future-ready technology.
FAQ
Frequently Asked Questions.
We provide a full suite of technology solutions including software development, cybersecurity, AI, blockchain, document digitization, KYC/KYB authentication, and big data services — all tailored to your business needs.
Ready to Future-Proof Your Business?
Whether you're just starting your transformation or looking to optimize complex systems, we're here to help with secure, scalable, and intelligent technology solutions.