Disrupting FlyingYeti's campaign targeting Ukraine

Cloudforce One has published the results of its investigation into a phishing campaign by Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign capitalized on anxiety over potential loss of access to housing and utilities due to significant debt liability for Ukrainian citizens. FlyingYeti's malware, COOKBOX, was designed to infect targets and allow the actor to control their systems. Cloudforce One took measures to prevent FlyingYeti from launching its campaign, including detections and code takedowns, as well as external collaboration with third parties to remove the actor's cloud-hosted malware. The phishing theme used by FlyingYeti is likely one of many themes leveraged in a larger operation targeting Ukrainian entities, particularly their defense forces.