PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Summary

Pro-Ukrainian hacktivist group PhantomCore has been actively targeting TrueConf video conferencing servers in Russia since September 2025, according to Positive Technologies research. The threat actors are leveraging an exploit chain of three vulnerabilities to achieve remote command execution on vulnerable systems. This represents a coordinated campaign against Russian infrastructure using publicly disclosed or newly discovered flaws.

Indicators of Compromise

• malware — PhantomCore

Entities