Sandworm compromised Ukrainian networks using a fake CAPTCHA.

Russia’s military intelligence unit tricks victims into pasting malicious commands themselves, a technique migrated from criminal scams to state espionage.

Ukraine’s Computer Emergency Response Team is urging administrators to hunt for web shells and other signs of compromise.

Sources: Ars Technica