Security news aggregator

Latest coverage for APT28

APT28 is a cyber-espionage threat group associated with targeted attacks against governments, political organizations, and critical infrastructure.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

APT28 is a cyber espionage group linked to Russian military intelligence, known for targeting government, military, and security organizations mainly in Europe and North America. They use custom malware, spear-phishing emails, and occasionally zero-day exploits to infiltrate networks and maintain long-term access for intelligence gathering and influence operations.

Security teams should focus on detecting APT28’s use of specialized backdoors and credential theft tools that enable stealthy lateral movement. Monitoring for targeted spear-phishing campaigns and unusual outbound connections can reveal early compromise signs. Because APT28 sometimes exploits unpatched vulnerabilities, prompt patching and integrating threat intelligence about their tactics are key to limiting exposure and preventing sensitive data loss or operational disruption.

Volume over time

Weekly headline count for the current query.

Showing 12 most recent headlines Filtered view
Bank Info Security 3 months, 4 weeks ago

Breach Roundup: Fancy Bear in Schmancy OpSec Failure

Also, Telus Breach, Microsoft Hotpatching, Interpol Malicious IP TakedownThis week, Russian hacker OpSec failure, Interpol helped disrupt 45,000 malicious IPs, the FBI is looking for an ATM jackpotting suspect and Telus disclosed a breach. Windows hotpatching, an FTP exploit, a foiled attack on a nuclear research center and China-linked espionage.

Bank Info Security 5 months, 1 week ago

Breach Roundup: Italy Thwarts Russian Olympic Hacks

Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, UkraineThis week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia's APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace.

Bank Info Security 5 months, 1 week ago

Breach Roundup: Italy Thwarts Russian Olympic Hacks

Also, Active Exploits Hit SolarWinds, Ivanti as APT28 Targets EU, UkraineThis week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office. Russia's APT28 ramped up attacks in Ukraine, supply chain attacks, regulators probed major breaches and a U.S. judge sentenced the operator of a darkweb drug marketplace.

Widely Used ukr.net Is a Repeat Focus for APT28 Cyberespionage OperationsDon't expect cyber spies to respect distinctions between military and civilian networks, especially in times of war, warn researchers tracking persistent Russian military intelligence credential-harvesting attacks against users of Ukraine's popular, commercial UKR.NET webmail platform.

Bank Info Security 1 year, 10 months ago

French Cyber Agency Warns of APT28 Hacks Against Think Tanks

Report: North Korean, Russian, Chinese, Iranian Actors Are Targeting Research OrgsRussian state hackers are targeting think tanks studying strategic interests and the defense sector, warned the French cyber agency. A hacking group that officially is Unit 26165 of the Russian Main Intelligence Directorate appears to be Russia's most prolific targeter of think tanks.

Bank Info Security 1 year, 10 months ago

German Cyber Agency Investigating APT28 Phishing Campaign

Der Spiegel Reports Russian State Hackers Mimicked Kiel InstituteThe German cyber agency is reportedly investigating a phishing campaign tied to Russian state hacking group APT28 that used a bogus website mimicking an influential think tank. The campaign, which ran for months, used variations of the institute's legitimate IfW-Kiel web domain to lure victims.

Bank Info Security 2 years, 2 months ago

Russian GRU Hackers Compromised German, Czech Targets

APT28 Used Microsoft Outlook Zero-Day, Governments SaidThe German and Czech governments on Friday disclosed that Russian military intelligence hackers targeted political parties and critical infrastructure as part of an espionage campaign that began last year. "The EU will not tolerate such malicious behavior," the European Union said in a statement.

Bank Info Security 2 years, 2 months ago

Russian Hackers Exploiting Windows Print Spooler Vuln

Microsoft Warns APT28's GooseEgg Tool Enables Credential TheftRussian military intelligence hackers are using an 18 month-old vulnerability in the Windows print spooler utility to deploy a custom tool that elevates privileges and steals credentials. Microsoft says it's seen post-compromise activities against Ukrainian, European and North American governments.

Bank Info Security 2 years, 3 months ago

The Global Menace of the Russian Sandworm Hacking Team

Russian Cyber Sabotage Unit Sandworm Adopting Advanced Techniques, Mandiant WarnsRussia's preeminent cyber sabotage unit presents "one of the widest and high severity cyber threats globally," warned Mandiant in a Wednesday report. Mandiant newly designated Sandworm as APT44 to differentiate it from another hacking unit it will still track as APT28.

Bank Info Security 2 years, 4 months ago

Moscow Military Hackers Used Microsoft Outlook Vulnerability

APT28 Used Hacked Ubiquiti Routers for Hashed Password Relay AttacksA campaign by Russian military intelligence to convert Ubiquiti routers into a platform for a global cyberespionage operation began as early as 2022, U.S. and foreign intelligence agencies said. The U.S. disrupted a botnet built by a hacking unit of Russian military's Main Intelligence Directorate.

Bank Info Security 2 years, 7 months ago

Russian GRU Hackers Exploit Critical Patched Vulnerabilities

TA422 Is Targeting Organizations in Europe and North America, Proofpoint SaysA Russian military hacking intelligence group is winning the race to exploit known vulnerabilities before system administrators can apply patches, warns Proofpoint. The firm has seen a spike in activity from TA422, also known as APT28, Fancy Bear and Forest Blizzard.

Bank Info Security 2 years, 7 months ago

Russian GRU Hackers Target Polish Outlook Inboxes

Military Intelligence Exploits Microsoft Flaw Patched In MarchRussian military intelligence hackers active in Poland are exploiting a patched flaw in Microsoft Outlook, say cyber defenders from Redmond and Warsaw. Microsoft in a Monday post identifies the hackers as Forest Blizzard, also known as APT28 and Fancy Bear.