APT28, also known as Fancy Bear, has conducted a sustained credential-harvesting campaign targeting Ukrainian users through phishing emails and malicious links. The campaign reflects Russia's strategic efforts to gather intelligence during the ongoing conflict in Ukraine. #APT28 #FancyBear #GRU #Ukraine #CredentialTheft
Keypoints
- APT28 is linked to Russia's GRU and known for targeted cyber espionage operations.
- The recent campaign involves phishing emails with fake UKR[.]net login pages to steal credentials and 2FA codes.
- Threat actors use URL shortening and subdomain redirection on platforms like Blogger to hide malicious links.
- The campaign targets Ukrainian users to support Russian intelligence objectives amid ongoing conflict.
- BlueDelta has shifted from using compromised routers to tunneling services like ngrok to evade takedown efforts.
Read More: https://thehackernews.com/2025/12/apt28-targets-ukrainian-ukr-net-users.html