This article details APT28's cyber-espionage activity against Ukrainian military networks in 2025, covering a multi-stage infection chain and command-and-control (C2) channels that run over legitimate cloud-storage services. The campaign is notable for hiding payloads with steganography and for routing C2 traffic through ordinary cloud services so that it blends in with normal SaaS usage and evades network detection. #APT28 #CovenantFramework
Key points
- APT28 launched a new wave of cyber-espionage against Ukrainian military structures in 2025.
- The infection chain starts with weaponized Office documents carrying malicious VBA macros; a later stage is concealed with steganography.
- BeardShell is a C++ backdoor that uses icedrive as its command-and-control platform.
- Legitimate cloud services (Koofr, icedrive and Filen) are abused for C2 and staging, so the malicious traffic looks like ordinary cloud-storage use.
- The campaign's goal is intelligence on Ukrainian military operations and logistics.
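Because the C2 channel rides on legitimate services, the practical detection question is "which hosts in my environment talk to these services at all, and does the traffic look like beaconing or exfiltration rather than a person using a file-sharing site?" The script below is an added example, not tooling from the report or from the researchers behind it. It parses constructed proxy-log lines (the log format is an assumption), maps destination hosts to the three services named above using domain suffixes that are assumptions to be verified against your own telemetry, skips sources with a documented business need, and flags sources whose request timing is regular enough to suggest a polling implant.

```python
"""Hunt for endpoints using the cloud-storage services named in the report.

Added example: the log format, domain list and sample lines are all
constructed assumptions, not data or code from the original article.
"""
import re
from collections import defaultdict
from datetime import datetime

# Assumed domains for Koofr, icedrive and Filen; verify against the vendors'
# current infrastructure and your own DNS/proxy logs before relying on them.
CLOUD_STORAGE_DOMAINS = {
    "koofr": ("koofr.net", "koofr.eu"),
    "icedrive": ("icedrive.net", "icedrive.io"),
    "filen": ("filen.io",),
}

# Assumed minimal proxy-log line: "<ts> <src_ip> <method> <host> <bytes_out> <bytes_in>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<host>\S+)"
    r"\s+(?P<out>\d+)\s+(?P<in>\d+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def classify_host(host):
    """Return the service name for a destination host, or None if unrelated."""
    host = host.lower().rstrip(".")
    for name, suffixes in CLOUD_STORAGE_DOMAINS.items():
        for suffix in suffixes:
            if host == suffix or host.endswith("." + suffix):
                return name
    return None


def find_cloud_storage_users(lines, sanctioned_hosts=frozenset(), jitter_tolerance_s=30):
    """Summarise traffic to the named services per (source IP, service).

    Sources listed in sanctioned_hosts are skipped so the output stays
    actionable.  beacon_like is True when a source made at least three
    requests whose inter-arrival times differ by no more than
    jitter_tolerance_s, a crude signature of a polling implant.
    """
    stats = defaultdict(lambda: {"requests": 0, "bytes_out": 0, "bytes_in": 0,
                                 "hosts": set(), "times": []})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line format
        service = classify_host(m["host"])
        if service is None or m["src"] in sanctioned_hosts:
            continue
        entry = stats[(m["src"], service)]
        entry["requests"] += 1
        entry["bytes_out"] += int(m["out"])
        entry["bytes_in"] += int(m["in"])
        entry["hosts"].add(m["host"].lower())
        entry["times"].append(datetime.strptime(m["ts"], TS_FMT))

    result = {}
    for key, entry in stats.items():
        times = sorted(entry["times"])
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        beacon_like = (len(intervals) >= 2
                       and max(intervals) - min(intervals) <= jitter_tolerance_s)
        result[key] = {
            "requests": entry["requests"],
            "bytes_out": entry["bytes_out"],
            "bytes_in": entry["bytes_in"],
            "hosts": sorted(entry["hosts"]),
            "beacon_like": beacon_like,
        }
    return result


# Constructed sample log: one host polling icedrive every ~5 minutes, one host
# pushing 5 MiB to Koofr, and one sanctioned host browsing Koofr normally.
SAMPLE_LOG = """\
2025-05-12T08:01:03Z 10.20.1.15 GET files.example.org 512 40960
2025-05-12T08:01:10Z 10.20.1.15 POST api.icedrive.net 231 410
2025-05-12T08:06:11Z 10.20.1.15 POST api.icedrive.net 228 402
2025-05-12T08:11:09Z 10.20.1.15 POST api.icedrive.net 230 9112
2025-05-12T08:12:44Z 10.20.1.22 PUT app.koofr.net 5242880 310
2025-05-12T08:13:01Z 10.20.1.40 GET www.koofr.eu 1024 2048
""".splitlines()

if __name__ == "__main__":
    for (src, svc), info in find_cloud_storage_users(SAMPLE_LOG, {"10.20.1.40"}).items():
        print(src, svc, info)
```

The regularity check is deliberately loose: a real implant may add jitter, so treat `beacon_like` as a triage hint and look at the request sizes as well (many small POSTs with an occasional large download is a tasking pattern; a single large upload is a staging or exfiltration pattern). Blocking these domains outright is rarely an option where staff legitimately use them, which is why the sanctioned-host list matters.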