PhantomCore Hacktivist Group Exploits TrueConf Vulnerabilities in Attacks Against Russian Servers

A pro-Ukrainian hacktivist group named PhantomCore has been conducting attacks targeting servers running TrueConf video conferencing software in Russia since September 2025. The threat actors exploited a chain of three vulnerabilities to achieve remote command execution on vulnerable systems. The campaign was documented in a report published by Positive Technologies, which attributed the activity to the group. No specific CVE IDs, technical details of the vulnerabilities, or exact impacts were disclosed in the available content. The attacks specifically focused on TrueConf software deployments within Russian networks.