This article details a cyberespionage campaign by Russia's APT28 group targeting international organizations involved in aid efforts to Ukraine since 2022. It highlights their methods, such as spear-phishing and exploiting vulnerabilities, as well as their efforts to monitor aid shipments through hacked cameras. #APT28 #Cyberespionage
Keypoints
- Russian APT28 hackers have targeted organizations across Europe and the U.S. to disrupt aid to Ukraine.
- The group used tactics like spear-phishing, password spraying, and exploiting Microsoft Exchange vulnerabilities.
- They compromised internet-connected cameras at key locations to monitor materials entering Ukraine.
- Malware such as the Headlace and Masepie backdoors was used for persistence and data exfiltration.
- The campaign involved sophisticated methods to maintain stealth, including routing communications through compromised devices.