Security news aggregator

Latest coverage for APT28

APT28 is a cyber-espionage threat group associated with targeted attacks against governments, political organizations, and critical infrastructure.

9 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

APT28 is a cyber espionage group linked to Russian military intelligence, known for targeting government, military, and security organizations mainly in Europe and North America. They use custom malware, spear-phishing emails, and occasionally zero-day exploits to infiltrate networks and maintain long-term access for intelligence gathering and influence operations.

Security teams should focus on detecting APT28’s use of specialized backdoors and credential theft tools that enable stealthy lateral movement. Monitoring for targeted spear-phishing campaigns and unusual outbound connections can reveal early compromise signs. Because APT28 sometimes exploits unpatched vulnerabilities, prompt patching and integrating threat intelligence about their tactics are key to limiting exposure and preventing sensitive data loss or operational disruption.

Volume over time

Weekly headline count for the current query.

Showing 9 most recent headlines Filtered view

Ukraine’s CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already exploiting Microsoft's latest Office zero-day, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU.…

Fancy Bear can't keep its claws out of Outlook inboxes The UK government is warning that Russia's APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts.…

ALSO: Microsoft promises to git gud on cybersecurity; unqualified attackers are targeting your water systems, and more infosec in brief It was just around a year ago that a spate of allegedly Russian-orchestrated cyberattacks hit government agencies in Germany, and now German officials claim to know for a fact who did it: APT28, or Fancy Bear, a Russian threat actor linked to the GRU intelligence service.…

Putin's pals use 'GooseEgg' malware to launch attacks you can defeat with patches or deletion Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.…

GRU-linked crew going after our code warns Microsoft - Outlook not good Fancy Bear, the Kremlin's cyber-spy crew, has been exploiting two previously patched bugs for large-scale phishing campaigns against high-value targets – like government, defense, and aerospace agencies in the US and Europe – since March, according to Microsoft. …