SHSU A.I CyberSecurity Scoring
SHSU
Company Information
Website:http://hydro.gov.ua
Employees number:25
Number of followers:0
NAICS:483
Industry Type:Maritime Transportation
Homepage:hydro.gov.ua
SHSU Risk Score (AI oriented)
Between 800 and 849
SHSUMaritime Transportation
Updated:
05/04/2026
05/04/2026
809/1000
Good
A
SHSU Global Score (TPRM)
xxxx
SHSUMaritime Transportation
Score locked

SHSUGood
Current Score
809A (GOOD)
01000
1 incidents
-8 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
809
JUNE 2026
809
MAY 2026
809
APRIL 2026
809
MARCH 2026
808
FEBRUARY 2026
808
JANUARY 2026
816
Vulnerability
15 Jan 2026 • SHSU
Zimbra and Ukraine’s State Hydrographic Service: Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency
Russian APT28 Exploits Zimbra Flaw in Stealthy Phishing Attack on Ukrainian Agency
808
CRITICAL-8
ZIMSTA1773930456
Russian APT28 Exploits Zimbra Flaw in Stealthy Phishing Attack on Ukrainian Agency
A Russian state-backed hacking group, APT28 (also known as Fancy Bear), targeted Ukraine’s State Hydrographic Service in a sophisticated phishing campaign exploiting a cross-site scripting (XSS) vulnerability in Zimbra webmail. The attack, uncovered by cybersecurity firm Seqrite, leveraged CVE-2025-66376 to inject malicious code into an email’s HTML body, bypassing traditional security measures.
Unlike conventional phishing attempts, the email contained no malicious attachments or links. Instead, it appeared as a routine internship inquiry in Ukrainian, with the exploit embedded directly in the message. When opened in an active Zimbra session, the code executed silently, enabling attackers to harvest login credentials, session tokens, backup 2FA codes, stored passwords, and up to 90 days of mailbox data.
The malicious email was sent in January 2025 from a compromised student account. By exploiting a trusted webmail environment, APT28 evaded detection, intercepting authenticated sessions without deploying malware or triggering standard defenses.
APT28, linked to Russia’s military intelligence, has a history of targeting Ukrainian and Western government entities, defense contractors, and logistics networks. Recent research also tied the group to operations involving new malware strains, BadPaw and MeowMeow. Zimbra webmail has been a recurring target for Russian-linked groups, including APT29 and Winter Vivern, in espionage campaigns across Eastern Europe.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
816
NOVEMBER 2025
816
OCTOBER 2025
816
SEPTEMBER 2025
816
AUGUST 2025
816
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for SHSU ??
What was SHSU's A.I Rankiteo Cyber Score in June 2026 ??
What was SHSU's A.I Rankiteo Cyber Score in May 2026 ??
What was SHSU's A.I Rankiteo Cyber Score in April 2026 ??
What was SHSU's A.I Rankiteo Cyber Score in March 2026 ??
What was SHSU's A.I Rankiteo Cyber Score in February 2026 ??
What was SHSU's A.I Rankiteo Cyber Score in January 2026 ??
What was SHSU's A.I Rankiteo Cyber Score in December 2025 ??
What was SHSU's A.I Rankiteo Cyber Score in November 2025 ??
What was SHSU's A.I Rankiteo Cyber Score in October 2025 ??
What was SHSU's A.I Rankiteo Cyber Score in September 2025 ??
What was SHSU's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on SHSU's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with SHSU ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view SHSU's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?