Russian state-sponsored group APT28 is leveraging Signal chats to deliver novel malware families, BeardShell and SlimAgent, targeting Ukrainian government entities. The attacks involve using encrypted messaging for phishing and infiltration, highlighting evolving tactics in cyberespionage. #APT28 #BeardShell #SlimAgent #UkrainianGovernment
Keypoints
- APT28 is utilizing Signal messaging platform for targeted cyberattacks in Ukraine.
- The malware families BeardShell and SlimAgent were newly identified during recent investigations.
- The malware uses macros, memory-resident backdoors, and persistence techniques like COM-hijacking.
- Signalβs platform is exploited for spear-phishing, account hijacking, and malware delivery.
- Ukraine officials reported cooperation issues with Signal despite the platformβs encrypted security features.