Undisclosed Ukrainian local government entity
July 1, 2025
•[ espionage, webshell, intrusion ]
Symantec observed multi-week summer 2025 espionage intrusion against a Ukrainian local government network using LocalOlive webshell and dual-use Windows tools; no operational disruption reported.
Undisclosed Ukrainian business services organization
June 27, 2025
•[ webshell, credential harvesting, data leak ]
Symantec-reported intrusion beginning June 27, 2025 used LocalOlive webshell and LOTL techniques to harvest credentials and system data; activity persisted through mid-2025; no disruption reported.
Multiple e-commerce stores using Magento extensions
April 1, 2025
•[ supply-chain attack, malware, webshell ]
Supply-chain compromise of 21 Magento extensions backdoored since 2019, activated in April 2025; between 5001,000 e-stores impacted; at least one webshell observed.
