PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Summary

A pro-Ukrainian hacktivist group named PhantomCore has been observed exploiting multiple vulnerabilities in TrueConf video conferencing software to gain unauthorized access to Russian networks. These attacks, ongoing since September 2025, use an exploit chain that allows remote command execution on vulnerable servers.

IFF Assessment

FOE

This is bad news for defenders: it signifies a sophisticated attack campaign that leverages multiple vulnerabilities to compromise critical infrastructure.

Defender Context

Defenders should be aware of active campaigns targeting video conferencing software, especially software used by organizations within geopolitical conflict zones. Organizations using TrueConf or similar communication tools should prioritize patching known vulnerabilities and review their network segmentation and access controls to limit the impact of such exploits.
