APT28
-
Microsoft says Windows Shell flaw was actively exploited after patch
Microsoft said a Windows Shell spoofing flaw was exploited in the wild after its patch had shipped; researchers linked the continued exploitation to an incomplete fix and described a zero-click path that could expose NTLM credentials.
-
Russian military hackers target thousands of consumer routers, researchers say
Russian military-linked hackers used tens of thousands of consumer routers in 120 countries to reroute traffic to credential-harvesting sites, researchers said. The campaign targeted older MikroTik and TP-Link devices and used DNS changes to intercept connections.
-
APT28 linked to router hijacking campaign that affected 200 organizations
APT28 has been linked to a campaign that hijacked insecure routers to redirect DNS traffic and steal credentials. The operation affected more than 200 organizations and 5,000 consumer devices, according to Microsoft.
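The two router stories above describe the same technique: rogue DNS resolvers pushed onto consumer MikroTik and TP-Link devices so that connections to legitimate sites are redirected to credential-harvesting hosts. The following is an added example, not code from either article or from Microsoft, showing the two checks a defender would run over router DNS snapshots: a configuration check (any resolver the operator did not set) and a behavioural check (what the router actually answers for a canary domain). The device snapshots, the allowed-resolver set and the expected canary address are all constructed assumptions, not real indicators.

```python
"""Added example, not code from any article above: flag router DNS snapshots that
look hijacked (rogue resolvers and redirected answers). Every value here is
constructed for the example; none is a real indicator of compromise."""
import ipaddress
from dataclasses import dataclass

# Assumed: the only resolvers the operator configured on managed routers.
ALLOWED_RESOLVERS = {"192.0.2.53", "198.51.100.53"}

# Assumed: a domain users actually log in to, and the address it should resolve to
# when asked through a trusted path (e.g. a known resolver over DoH). Constructed.
CANARY_DOMAIN = "login.example.com"
EXPECTED_CANARY = ipaddress.ip_address("203.0.113.10")


@dataclass
class RouterSnapshot:
    device: str
    model: str
    dns_servers: list[str]   # resolvers the router hands out / forwards to
    canary_answer: str       # A record the router itself returned for CANARY_DOMAIN


def check_snapshot(snap: RouterSnapshot) -> list[str]:
    """Return human-readable findings for one router; an empty list means clean."""
    findings: list[str] = []

    # 1. Configuration check: any resolver the operator did not set is suspicious.
    #    A hijacked router typically has a rogue server prepended or appended to the
    #    legitimate ones, so compare every entry, not just the first.
    for srv in snap.dns_servers:
        try:
            ipaddress.ip_address(srv)
        except ValueError:
            findings.append(f"unparseable resolver entry {srv!r}")
            continue
        if srv not in ALLOWED_RESOLVERS:
            findings.append(f"unexpected resolver {srv}")

    # 2. Behavioural check: a clean-looking config can still forward to a rogue
    #    upstream, so verify what the router actually answers for the canary.
    try:
        answer = ipaddress.ip_address(snap.canary_answer)
    except ValueError:
        findings.append(f"unparseable canary answer {snap.canary_answer!r}")
    else:
        if answer != EXPECTED_CANARY:
            findings.append(
                f"{CANARY_DOMAIN} resolved to {answer}, expected {EXPECTED_CANARY}"
            )
    return findings


def triage(snapshots: list[RouterSnapshot]) -> dict[str, list[str]]:
    """Map device name -> findings for every router with at least one finding."""
    result: dict[str, list[str]] = {}
    for snap in snapshots:
        findings = check_snapshot(snap)
        if findings:
            result[snap.device] = findings
    return result


# Constructed sample snapshots; addresses come from documentation/benchmark ranges.
SAMPLE_SNAPSHOTS = [
    RouterSnapshot("rtr-01", "MikroTik hAP", ["192.0.2.53", "198.51.100.53"], "203.0.113.10"),
    RouterSnapshot("rtr-02", "TP-Link Archer", ["198.18.0.1"], "203.0.113.10"),
    RouterSnapshot("rtr-03", "MikroTik RB750", ["192.0.2.53", "198.18.0.1"], "198.18.44.7"),
    RouterSnapshot("rtr-04", "TP-Link TL-WR841N", ["192.0.2.53"], "not-an-ip"),
]

if __name__ == "__main__":
    for device, findings in triage(SAMPLE_SNAPSHOTS).items():
        print(device)
        for finding in findings:
            print("  -", finding)
```

The behavioural check matters because the configuration check alone misses a router whose listed resolvers look fine but whose forwarding has been pointed elsewhere; in practice the canary answer would be collected by querying each router directly and compared against an answer obtained through a resolver you trust.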
-
APT28 uses BEARDSHELL and COVENANT to surveil Ukrainian military
ESET documented APT28's use of BEARDSHELL and COVENANT to surveil the Ukrainian military since April 2024. The implants use cloud storage for command and control and show links to earlier APT28 tooling.
-
New Russian-linked campaign uses BadPaw loader to deploy MeowMeow backdoor in Ukraine
A new cyber campaign targeted Ukrainian organizations using a .NET loader named BadPaw that deploys a MeowMeow backdoor after a phishing ZIP archive and HTA lure, with sandbox checks and persistence tactics.
-
APT28 targets Western and Central Europe with document beacons and webhook exfiltration
APT28 ran Operation MacroMaze from September 2025 to January 2026 targeting Western and Central Europe, using spear-phishing documents that beacon to webhook hosts and exfiltrate command output through browser-based HTML forms.
-
APT28 exploits Microsoft Office bug to deploy email stealer and Covenant implant
Russia-linked APT28 exploited a Microsoft Office bypass tracked as CVE-2026-21509 to deliver an Outlook email stealer and a Covenant Grunt implant in Ukraine, Slovakia and Romania, researchers say.
-
France interior ministry confirms cyberattack on e-mail servers
France’s Interior Ministry confirmed a cyberattack on its e-mail servers that allowed access to some files; investigators have not confirmed whether data was stolen and are probing motives including foreign interference, activists and cybercrime.
-
Ukraine agency says Russian-linked hackers used AI to aid cyber attacks in H1 2025
Ukraine’s SSSCIP said Russian-linked hackers increased use of AI in cyber attacks in H1 2025, recording 3,018 incidents and using AI-generated phishing and malware while exploiting webmail flaws and abusing legitimate cloud services.
-
APT28 Hackers Exploit Signal to Deploy Advanced Malware Against Ukraine
CERT-UA issued an urgent warning that APT28 is using Signal messages to deliver malware to Ukrainian entities, introducing the BEARDSHELL and COVENANT implants.