In a shocking twist akin to discovering water is wet, a Russian-aligned cyber threat actor, affectionately named UAC-0050, has charmed its way into a European financial institution’s inbox. This time, instead of your Nigerian prince cousin offering millions, it’s a cleverly disguised spoofed domain promising intelligence gathering as a light appetizer and financial theft as the main course.

Spotting an opportunity for international espionage with a side of ill-gotten gains, UAC-0050 is seemingly expanding its horizons beyond Ukraine. Their strategic decision to target unnamed entities supporting the war-torn nation seems about as subtle as a bear in a ballet costume tiptoeing through a china shop.

As if financial institutions needed another reason to double-check their spam filters, it turns out that these organizations become as giddy as stockbrokers on a bull market day when they find out they’ve been conned by malware named like a funky beats playlist, RMS. Cybersecurity experts suggest not clicking on anything that looks suspicious, unless you’re just dying to see your bank balance hit absolute zero.