Russian state-sponsored threat actors, primarily APT28, have been conducting a wide-ranging cyber espionage campaign against Western and Ukrainian logistics, defense, and technology organizations since 2022. They combine spear-phishing, vulnerability exploitation, and credential harvesting to gain access to targets and exfiltrate sensitive information. #APT28 #OperationRoundPress
Key points
- APT28 has targeted organizations involved in Ukraine's aid logistics and NATO member states since 2022.
- The campaign relies on password spraying, spear-phishing, and exploitation of vulnerabilities in webmail servers and internet-facing infrastructure such as VPNs.
- Initial access is gained through brute-force attacks, phishing, and exploitation of software vulnerabilities such as CVE-2023-23397 (the Microsoft Outlook flaw that leaks NTLM credentials).
- Post-exploitation activity includes reconnaissance, lateral movement with tools like PsExec, and manipulation of mailbox permissions for sustained email collection.
- The threat group has also hosted fake reCAPTCHA pages on cloud storage to trick users into running commands that deliver stealer malware such as Lumma Stealer.
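As an added example (not part of the original post or the linked article), the following Python sketch detects the password-spraying pattern named in the list above: one source that fails logins against many distinct accounts inside a short window, which per-account lockout thresholds are designed to miss. The log format, field names, thresholds and sample events are constructed assumptions for this illustration, not any vendor's real log layout.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample authentication events (not real logs). The key=value
# layout is an assumption made for this example.
SAMPLE_LOG = """\
2025-05-01T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2025-05-01T10:00:04Z src=203.0.113.5 user=bob result=FAIL
2025-05-01T10:00:09Z src=203.0.113.5 user=carol result=FAIL
2025-05-01T10:00:15Z src=203.0.113.5 user=dave result=FAIL
2025-05-01T10:00:22Z src=203.0.113.5 user=erin result=FAIL
2025-05-01T10:00:30Z src=203.0.113.5 user=frank result=SUCCESS
2025-05-01T10:01:00Z src=198.51.100.7 user=alice result=FAIL
2025-05-01T10:01:05Z src=198.51.100.7 user=alice result=FAIL
2025-05-01T10:01:10Z src=198.51.100.7 user=alice result=SUCCESS
2025-05-01T10:02:00Z src=192.0.2.9 user=grace result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>FAIL|SUCCESS)$"
)


def parse_events(text):
    """Parse key=value lines into dicts; malformed lines are skipped rather than fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "src": m["src"], "user": m["user"], "result": m["result"]})
    return events


def detect_spray(events, min_users=5, window=timedelta(minutes=10)):
    """Flag sources whose failures span >= min_users distinct accounts within one window.

    Brute force (many failures on one account) does not trip this rule; a spray
    (one or two guesses across many accounts) does. A later SUCCESS from the
    same source is recorded because that is the case needing immediate response.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "FAIL"]
        lo = 0
        for hi in range(len(fails)):
            # Slide the window start forward until it covers at most `window`.
            while fails[hi]["ts"] - fails[lo]["ts"] > window:
                lo += 1
            users = {e["user"] for e in fails[lo:hi + 1]}
            if len(users) >= min_users:
                window_end = fails[hi]["ts"]
                success_after = sorted(
                    {e["user"] for e in evs
                     if e["result"] == "SUCCESS" and e["ts"] >= window_end}
                )
                alerts.append({
                    "src": src,
                    "first": fails[lo]["ts"],
                    "last": window_end,
                    "users": sorted(users),
                    "success_after": success_after,
                })
                break  # one alert per source is enough for this example
    return alerts


if __name__ == "__main__":
    for a in detect_spray(parse_events(SAMPLE_LOG)):
        print(f"spray from {a['src']}: {len(a['users'])} accounts "
              f"({a['first'].time()}..{a['last'].time()}), "
              f"successful logins afterwards: {a['success_after'] or 'none'}")
```

On the constructed data, 203.0.113.5 is flagged (five accounts failed within 30 seconds, then a successful login as frank), while 198.51.100.7 is not: its repeated failures hit a single account, which is a brute-force signal for a different rule. Tune `min_users` and `window` to the tenant's normal failure rate, and key the rule on the source as seen by the identity provider rather than a load balancer address.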
Read More: https://thehackernews.com/2025/05/russian-hackers-exploit-email-and-vpn.html