Home/Tag/Apt28

Apt28

9 articles tagged with "Apt28"

Malware4 min read

APT28 Deploys PRISMEX Malware Against Ukraine and NATO Allies

Russian GRU's APT28 uses new PRISMEX malware suite with steganography and COM hijacking to target Ukraine defense and NATO logistics. Includes wiper capability.

James RiveraApr 10, 2026

Threat Intelligence4 min read

FBI Disrupts APT28's FrostArmada Router Hijacking Campaign

FBI-led Operation Masquerade dismantled Russia's GRU-linked FrostArmada, which compromised 18,000+ routers to steal Microsoft 365 credentials via DNS hijacking.

Alex KowalskiApr 10, 2026

Threat Intelligence4 min read

APT28 Uses BEARDSHELL and COVENANT to Spy on Ukraine

Russian GRU-linked APT28 deploys BEARDSHELL and COVENANT implants for long-term surveillance of Ukrainian military personnel. ESET research reveals cloud storage abuse for C2.

Alex KowalskiMar 10, 2026

Threat Intelligence4 min read

APT28 Linked to MSHTML Zero-Day Exploited Before Patch

Security researchers tie Russia's APT28 to CVE-2026-21513 exploitation using malicious LNK files. The MSHTML zero-day was weaponized weeks before Microsoft's February patch.

Alex KowalskiMar 3, 2026

Threat Intelligence4 min read

AI Knowledge Graphs Transform APT Threat Intelligence

SANS researchers demonstrate how open-source AI tools extract actionable relationships from unstructured threat reports, mapping GRU and APT28 TTPs in interactive visualizations.

Alex KowalskiFeb 13, 2026

Threat Intelligence4 min read

APT28 Targets European Maritime Sector via Office Flaw

Russia's APT28 exploited CVE-2026-21509 to hit maritime and transport organizations across nine countries, with shipping firms making up 35% of targets.

Alex KowalskiFeb 5, 2026

Threat Intelligence3 min read

APT28 Weaponized Office Zero-Day in Three Days Flat

Operation Neusploit saw Russia's APT28 exploit CVE-2026-21509 against 60+ Ukrainian targets within 72 hours of Microsoft's disclosure, delivering MiniDoor and BEARDSHELL backdoors.

Alex KowalskiFeb 5, 2026

Threat Intelligence4 min read

Russia's Fancy Bear Running Low-Cost Credential Theft Across Three Continents

Recorded Future tracks APT28 harvesting credentials from energy, defense, and government targets in the Balkans, Middle East, and Central Asia using free hosting infrastructure.

Alex KowalskiJan 22, 2026

Threat Intelligence4 min read

Russia's APT28 Harvests Credentials Across Balkans and Central Asia

Fancy Bear campaigns from February through September 2025 targeted energy, defense, and policy organizations using fake VPN and email login pages.

Alex KowalskiJan 11, 2026