IRON Cluster

IRON Cluster Vendor Cyber Rating & Cyber Score

ironcluster.org

IRON is a defense technology cluster based in Lviv. We unite 100+ companies and startups, building an innovative ecosystem for business growth. IRON members develop cutting-edge solutions in robotics, electronics, radio communications, and unmanned systems, bringing innovations to the frontlines.


IRON Cluster A.I CyberSecurity Scoring

Company Information
Website: https://ironcluster.org/
Number of employees: 10
Number of followers: 3,401
NAICS: 51
Industry Type: Technology, Information and Media
Homepage: ironcluster.org
IRON Cluster Risk Score (AI oriented)
Between 700 and 749
Updated: 24/06/2026
Score: 735/1000 (Moderate, Ba)
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium

IRON Cluster
Current Score: 735 Ba (MODERATE)
1 incident
-20 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026: 735 (Before Incident)
JUNE 2026: 735 (Before Incident)
MAY 2026: 734 (Before Incident)
APRIL 2026: 734 (Before Incident)
MARCH 2026: 733 (Before Incident)
FEBRUARY 2026: 752 (Before Incident)
Cyber Attack
01 Feb 2026, IRON Cluster
Besomar: Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign

GhostShell Espionage Campaign Targets Ukraine’s UAV Sector with RAR Exploit

732 (After Incident)
CRITICAL (-20)
IRO1782289540
A newly uncovered cyberespionage campaign, attributed to an emerging threat actor dubbed GhostShell (Malwarebox ID MB-0009), is targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem. The operation leverages a malicious RAR archive, Besomar_documentation.rar, containing decoy PDFs mimicking documents from Besomar, a Ukrainian fixed-wing drone developer. The attack exploits two vulnerabilities, CVE-2025-8088 and CVE-2025-6218, during archive extraction to deploy a VBS loader in the Windows Startup folder, ensuring persistence regardless of the archive’s working directory.

The sample (SHA-256: 28f58061348a1c54fa6e7ff6618630259618d4afdf78514d5fccfc993797cdff) was initially misattributed to another cluster (UAC-0226) but exhibits distinct tradecraft and infrastructure. The decoy PDFs, identical in size and timestamped June 6, 2026, reference UAV hardware, charging stations, and procurement documents, suggesting a tailored social engineering approach targeting military units, technical staff, procurement personnel, and defense-sector partners. According to a report by Synaptic, the campaign has been active since at least February 2026.

The VBS loader acts as a bootstrapper, decoding a Base64-encoded payload in memory and fetching two executables from cloudaxis[.]cc (/gsmft/yueu/fkvqld/tvqqwh/ushu/122.exe and update.exe). The domain, registered in February 2026, hosts a decoy public site while concealing malicious endpoints behind 404-style responses.

Analysis of the executables 122.exe (SHA-256: ab5681266f70af7df24383f15de876e411fc18e35cb6f24603b12f580b05ccb3) and 22.exe (SHA-256: 8de34006dafd990853a45cbe9aaab4ee18c8cd4c1ad0a98fe71f8d63cd60db25) reveals sophisticated encryption. 122.exe contains an encrypted overlay decrypted via a fixed XOR key (d0cd4cb8d4673e28), exposing an embedded PE. The malware employs a custom decryption routine with AVX2 and scalar code paths, using a per-byte key calculation ((i7 – 0x58) & 0xFF*) to decrypt payloads.

Network telemetry shows the loader contacting cdnexpress[.]cc and posting data to an /analytics endpoint, with the server requiring client certificate authentication. GhostShell’s infrastructure avoids uniform registration patterns, complicating tracking. The campaign’s focus on Ukraine’s UAV sector, combining zero-click RAR exploits, tailored decoys, robust persistence, and multi-stage encrypted payloads, indicates a targeted intelligence-gathering operation rather than opportunistic cybercrime.
INCIDENT DETAILS
TYPE
Cyberespionage
MOTIVATION
Intelligence-gathering
IMPACT
Systems Affected: Windows systems with Startup folder persistence
Operational Impact: Potential compromise of UAV-related intellectual property and procurement data
DATA BREACH
Type Of Data Compromised: UAV hardware, charging stations, and procurement documents
Sensitivity Of Data: High (military/defense-related)
Data Exfiltration: Likely (malware contacts C2 servers)
Data Encryption: Custom encryption with XOR and AVX2/scalar routines
PDF, PE executables
JANUARY 2026: 752 (Before Incident)
DECEMBER 2025: 752 (Before Incident)
NOVEMBER 2025: 752 (Before Incident)
OCTOBER 2025: 752 (Before Incident)
SEPTEMBER 2025: 752 (Before Incident)
AUGUST 2025: 752 (Before Incident)
