Russia's 'Fancy Bear' APT Targets Ukrainian Energy Facility
The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.
APT28 is a cyber-espionage threat group associated with targeted attacks against governments, political organizations, and critical infrastructure.
Search across headline titles and summaries.
Background for this topic.
APT28 is a cyber espionage group linked to Russian military intelligence, known for targeting government, military, and security organizations mainly in Europe and North America. They use custom malware, spear-phishing emails, and occasionally zero-day exploits to infiltrate networks and maintain long-term access for intelligence gathering and influence operations.
Security teams should focus on detecting APT28’s use of specialized backdoors and credential theft tools that enable stealthy lateral movement. Monitoring for targeted spear-phishing campaigns and unusual outbound connections can reveal early compromise signs. Because APT28 sometimes exploits unpatched vulnerabilities, prompt patching and integrating threat intelligence about their tactics are key to limiting exposure and preventing sensitive data loss or operational disruption.
The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.
The attack has been carried out using legitimate services and standard software functions, CERT-UA observed
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country