Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The cyber-espionage group UAC-0226 has significantly evolved its GIFTEDCROOK malware from a basic browser data stealer into a robust intelligence-gathering tool. Three versions were identified between April and June 2025, with the latest iterations capable of exfiltrating a wide range of sensitive documents. The malware's deployment coincided with critical geopolitical events, particularly the Ukraine peace negotiations in Istanbul. GIFTEDCROOK is delivered through spear-phishing emails with military-themed PDF lures, targeting Ukrainian governmental and military institutions. Data exfiltration occurs via Telegram bot channels. The threat actor's sophisticated approach, including crafting context-specific lures and timing attacks to coincide with political events, suggests a focus on covert intelligence collection to support diplomatic and military decision-making.
OPENCTI LABELS:
cyber-espionage, data exfiltration, ukraine, spear-phishing, telegram, geopolitical, giftedcrook