We observed an increased number of phishing attacks in the Ukrainian cyberspace in February, just before Russia invaded Ukraine on February 24, 2022. The attacks we observed targeted a network infrastructure hardware producer, a domain administrator, as well as services and institutions in different areas, such as shipping, web-hosting, platforms for recruiters, and marketers. RATs (Remote Access Tools) and password stealer malware, like AgentTesla or FormBook were included as attachments in phishing emails spreading with subject lines related to invoices and payments. We believe these attacks might have been designed to attack the country’s internet infrastructure, and could be related or served to complement the DDoS attacks that were carried out against Ukraine’s Department of Defense and Banks just before Russia invaded the country.