Russian state-aligned actors have launched a targeted campaign against Ukrainian entities, leveraging newly discovered malware families BadPaw and MeowMeow. The attack vector involves phishing emails containing ZIP archives, which, when opened, execute an HTA file displaying a Ukrainian-language decoy related to border crossing appeals. This decoy serves as a distraction while the malware initiates the infection chain. The use of BadPaw and MeowMeow malware signifies a shift in tactics, potentially indicating a more nuanced and targeted approach by the threat actors. This campaign highlights the evolving threat landscape, where state-aligned activity supplants traditional criminal motivations, necessitating a distinct response strategy1. The geopolitical implications of this campaign underscore the need for practitioners to reassess their threat models and defensive postures, as the motivations and tactics of state-aligned actors differ significantly from those of criminal groups.