Gamaredon’s infection chain: Spoofed emails, GammaDrop and GammaLoad

Gamaredon is conducting relentless, large-scale spearphishing campaigns against Ukrainian state institutions by exploiting CVE-2025-8088 and leveraging auto-generated, multi-stage VBScript malware delivered via spoofed or compromised government emails, with resilient Cloudflare-proxied infrastructure that evades standard detection and authentication controls.