APT28, also known as Fancy Bear, conducted a sophisticated cyber campaign called Phantom Net Voxel, combining social engineering, steganography, and cloud services to evade detection. This operation targeted Ukrainian government systems using weaponized Office documents, modular backdoors, and covert command-and-control channels. #APT28 #FancyBear #PhantomNetVoxel #CERTUA
Key points
- The campaign used targeted Office documents with plausible titles related to Ukrainian military workflows.
- Encrypted shellcode was hidden inside PNG images by steganography, complicating detection.
- The operation employed modular backdoors like BeardShell and SlimAgent to control infected systems remotely.
- Cloud APIs from services like Icedrive facilitated covert command-and-control communication, blending malicious and legitimate traffic.
- Multiple anti-analysis techniques, such as runtime environment checks and obfuscation, enhanced the malware’s stealth capabilities.
Read More: https://thecyberexpress.com/apt28-recent-campaign-infection-chain/