{"id":51987,"date":"2023-05-19T21:55:00","date_gmt":"2023-05-19T21:55:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine"},"modified":"2023-05-19T21:55:00","modified_gmt":"2023-05-19T21:55:00","slug":"commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/","title":{"rendered":"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/beta.darkreading.com\/images\/og-image.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><strong>Woburn, MA \u2013 May 19, 2023 \u2013 <\/strong>Kaspersky researchers have provided further details on the <a href=\"https:\/\/securelist.com\/bad-magic-apt\/109087\/\" target=\"_blank\" rel=\"noopener\">CommonMagic<\/a> campaign, which was first observed in March targeting companies in the Russo-Ukrainian conflict area. The new research reveals more sophisticated malicious activities from the same threat actor. The investigation identified that the newly-discovered framework has expanded its victimology to include organizations in Central and Western Ukraine. Kaspersky experts have also linked the unknown actor to previous APT campaigns, such as Operation BugDrop and Operation Groundbai (Prikormka).<\/p>\n<p>In March 2023, Kaspersky <a href=\"https:\/\/securelist.com\/bad-magic-apt\/109087\/\" target=\"_blank\" rel=\"noopener\">reported<\/a> a new APT campaign in the Russo-Ukrainian conflict area. This campaign, named CommonMagic, utilizes PowerMagic and CommonMagic implants to conduct espionage activities. Active since September 2021, it employs a previously unidentified malware to collect data from targeted entities. Although the threat actor responsible for this attack remained unknown at the time, Kaspersky experts have persisted with their investigation, tracing the unknown activity back to forgotten campaigns in order to gather further insights.<\/p>\n<p>The recently uncovered campaign utilized a modular framework called CloudWizard. Kaspersky\u2019s research identified a total of 9 modules within this framework, each responsible for distinct malicious activities such as gathering files, keylogging, capturing screenshots, recording microphone input, and stealing passwords. Notably, one of the modules focuses on exfiltrating data from Gmail accounts. By extracting Gmail cookies from browser databases, this module can access and smuggle activity logs, contact lists, and all email messages associated with the targeted accounts.<\/p>\n<p>Furthermore, the researchers have uncovered an expanded victim distribution in the campaign. While the previous targets were primarily located in the Donetsk, Luhansk, and Crimea regions, the scope has now widened to include individuals, diplomatic entities, and research organizations in Western and Central Ukraine.<\/p>\n<p>After extensive research into CloudWizard, Kaspersky experts have made significant progress in attributing it to a known threat actor. They have observed notable similarities between CloudWizard and two previously documented campaigns: Operation Groundbait and Operation BugDrop. These similarities include code similarities, file naming and listing patterns, hosting by Ukrainian hosting services, and shared victim profiles in Western and Central Ukraine, as well as the conflict area in Eastern Europe.<\/p>\n<p>Moreover, CloudWizard also exhibits resemblances to the recently reported campaign CommonMagic. Some sections of the code are identical, they employ the same encryption library, follow a similar file naming format, and share victim locations within the Eastern European conflict area.<\/p>\n<p>Based on these findings, Kaspersky experts have concluded that the malicious campaigns of Prikormka, Operation Groundbait, Operation BugDrop, CommonMagic, and CloudWizard may all be attributed to the same active threat actor. &nbsp;<\/p>\n<p>&#8220;The threat actor responsible for these operations has demonstrated a persistent and ongoing commitment to cyberespionage, continuously enhancing their toolset and targeting organizations of interest for over fifteen years,\u201d said Georgy Kucherin, security researcher at Kaspersky\u2019s Global Research and Analysis Team. \u201cGeopolitical factors continue to be a significant motivator for APT attacks and, given the prevailing tension in the Russo-Ukrainian conflict area, we anticipate that this actor will persist with its operations for the foreseeable future.&#8221;<\/p>\n<p>Read the full report about the CloudWizard campaign on&nbsp;Securelist.<\/p>\n<p>In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:<\/p>\n<ul>\n<li>Provide your SOC team with access to the latest threat intelligence (TI).&nbsp;<a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/threat-intelligence\" target=\"_blank\" rel=\"noopener\">The Kaspersky Threat Intelligence Portal<\/a>&nbsp;is a single point of access for the company\u2019s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.<\/li>\n<li>Upskill your cybersecurity team to tackle the latest targeted threats with&nbsp;<a href=\"https:\/\/xtraining.kaspersky.com\/?utm_source=pr-media&amp;utm_medium=partner&amp;utm_campaign=gl_xtr-gen-pr_je0066&amp;utm_content=sm-post&amp;utm_term=gl_pr-media_organic_66jpzgkgnjbgdrn&amp;redef=1&amp;THRU&amp;reseller=gl_xtr-gen-pr_acq_ona_smm__onl_b2b_pr-media_post_______\" target=\"_blank\" rel=\"noopener\">Kaspersky online training<\/a>&nbsp;developed by GReAT experts<\/li>\n<li>For endpoint level detection, investigation, and timely remediation of incidents, implement EDR solutions such as&nbsp;<a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/endpoint-detection-response-edr\" target=\"_blank\" rel=\"noopener\">Kaspersky Endpoint Detection and Response<\/a><\/li>\n<li>In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as&nbsp;<a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/anti-targeted-attack-platform\" target=\"_blank\" rel=\"noopener\">Kaspersky Anti Targeted Attack Platform<\/a><\/li>\n<li>As many targeted attacks start with phishing or other social engineering techniques, introduce security awareness training and teach practical skills to your team \u2013 for example, through the&nbsp;<a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/security-awareness-platform\" target=\"_blank\" rel=\"noopener\">Kaspersky Automated Security Awareness Platform<\/a><\/li>\n<\/ul>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-51987","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-19T21:55:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/beta.darkreading.com\/images\/og-image.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine\",\"datePublished\":\"2023-05-19T21:55:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/\"},\"wordCount\":691,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/beta.darkreading.com\\\/images\\\/og-image.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/\",\"name\":\"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/beta.darkreading.com\\\/images\\\/og-image.jpg\",\"datePublished\":\"2023-05-19T21:55:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/#primaryimage\",\"url\":\"https:\\\/\\\/beta.darkreading.com\\\/images\\\/og-image.jpg\",\"contentUrl\":\"https:\\\/\\\/beta.darkreading.com\\\/images\\\/og-image.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/","og_locale":"en_US","og_type":"article","og_title":"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-05-19T21:55:00+00:00","og_image":[{"url":"https:\/\/beta.darkreading.com\/images\/og-image.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine","datePublished":"2023-05-19T21:55:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/"},"wordCount":691,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/#primaryimage"},"thumbnailUrl":"https:\/\/beta.darkreading.com\/images\/og-image.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/","url":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/","name":"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/#primaryimage"},"thumbnailUrl":"https:\/\/beta.darkreading.com\/images\/og-image.jpg","datePublished":"2023-05-19T21:55:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/#primaryimage","url":"https:\/\/beta.darkreading.com\/images\/og-image.jpg","contentUrl":"https:\/\/beta.darkreading.com\/images\/og-image.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/commonmagic-apt-campaign-broadens-target-scope-to-central-and-western-ukraine\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51987"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51987\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}