APT28 Archives - Security Affairs

Pierluigi Paganini June 24, 2025

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official […]

Pierluigi Paganini May 22, 2025

Russia-linked APT28 targets western logistics entities and technology firms

CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing an elevated threat to supply chains Russia-linked cyberespionage group APT28 intensifies its operations against Western logistics and technology companies moving supplies into Ukraine, US CISA warns. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has been active since at least 2007 and it […]

Pierluigi Paganini April 30, 2025

France links Russian APT28 to attacks on dozen French entities

France blames Russia-linked APT28 for cyberattacks targeting or compromising a dozen French government bodies and other entities. The Russia-linked APT28 group has targeted or compromised a dozen government organizations and other French entities, the French Government states. In 2024, it was observed attacking OT organizations and linked to cyberattacks on 60 entities in Asia and […]

Pierluigi Paganini November 25, 2024

Russia-linked APT TAG-110 uses targets Europe and Asia

Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-linked threat actor TAG-110 that employed custom malware tools HATVIBE and CHERRYSPY. The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia, […]

Pierluigi Paganini September 05, 2024

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

A cyber attack hit the German air traffic control agency (DFS) disrupting its operations, experts attribute it to Russia-linked group APT28. A cyber attack targeted the German Air Traffic Control Agency (DFS), as reported by Spiegel and European Truth. DFS, based in Langen near Frankfurt, confirmed that attackers breached its office connection but confirmed that […]

Pierluigi Paganini August 03, 2024

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. Palo Alto researchers reported that a Russia-linked threat actor known as Fighting Ursa (also identified as APT28, Fancy Bear, or Sofacy) used a fake car advertisement to distribute HeadLace backdoor malware, targeting diplomats. The campaign began […]

Pierluigi Paganini June 03, 2024

APT28 targets key networks in Europe with HeadLace malware

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet […]

Pierluigi Paganini May 05, 2024

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

NATO and the European Union formally condemned cyber espionage operations carried out by the Russia-linked APT28 against European countries. NATO and the European Union condemned cyber espionage operations carried out by the Russia-linked threat actor APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) against European countries. This week the German Federal Government condemned in the strongest […]

Pierluigi Paganini May 03, 2024

Russia-linked APT28 and crooks are still using the Moobot botnet

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. Trend Micro researchers reported that the EdgeRouter botnet, called Moobot, used by the APT28 group is still active and is also used by cyber criminal organizations. In January, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and […]

Pierluigi Paganini April 22, 2024

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, “Fancybear” or “Strontium” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. Since at least June 2020, and possibly earlier, the cyberespionage […]

APT28

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Russia-linked APT28 targets western logistics entities and technology firms

France links Russian APT28 to attacks on dozen French entities

Russia-linked APT TAG-110 uses targets Europe and Asia

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

APT28 targets key networks in Europe with HeadLace malware

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Russia-linked APT28 and crooks are still using the Moobot botnet

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Hackers deploy fake SonicWall VPN App to steal corporate credentials

Mainline Health Systems data breach impacted over 100,000 individuals

Disrupting the operations of cryptocurrency mining botnets

Prometei botnet activity has surged since March 2025

The U.S. House banned WhatsApp on government devices due to security concerns

QUICK LINKS

APT28

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!