Russian state-sponsored group APT28 is conducting credential-harvesting campaigns targeting energy, defense, and government organizations using sophisticated phishing tactics. They heavily rely on free hosting, tunneling, and link-shortening services to evade detection and maintain operational flexibility. #APT28 #CredentialHarvesting
Keypoints
- APT28 has been active since at least 2004 and is attributed to Russia's military intelligence service, the GRU.
- The group targets energy research, defense collaborations, and government communications in the US and Europe.
- Phishing campaigns impersonate Microsoft OWA, Google, and Sophos VPN portals to deceive victims.
- They host phishing pages on free, low-friction infrastructure: tunneling services such as Ngrok, free web hosting such as InfinityFree, and request-capture endpoints such as Webhook.site. Because these services are widely used for legitimate purposes, their domains are rarely blocked outright, and the operators can spin up and abandon infrastructure quickly.
- In recent campaigns, once a victim submits credentials on the spoofed login page, they are redirected to a legitimate document or portal so the theft is less likely to be noticed.
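The practical detection angle here is that the lure pages sit on free tunneling, hosting and request-capture domains, and that the hostnames and paths tend to carry the name of the brand being impersonated (OWA, Google, Sophos VPN). The script below is an added example, not code from the SecurityWeek article or the researchers it cites: it scans constructed web-proxy log lines, flags any request whose host falls under one of the suspect service domains, and raises the severity when the URL also contains a lure keyword. The domain suffixes for Ngrok, InfinityFree and Webhook.site are my own assumption from those providers' public naming, and the link-shortener domains are illustrative (the post names no specific shortener); check both against the providers' current documentation before relying on them. The log format and the Webhook.site POST standing in for a credential drop are likewise constructed for the example.

```python
"""Flag proxy-log requests to free tunneling / hosting / request-capture
services that phishing operators favour, as described in the post above.

Added example, not code from the article.  The domain suffixes below are an
assumption based on the providers' public naming and must be verified before
production use.  Log format is constructed for this example.
"""
import re
from urllib.parse import urlparse

# Assumed domain suffixes for the services named in the post, plus two
# well-known link shorteners (the post only mentions shorteners generically).
SUSPECT_SUFFIXES = {
    "ngrok.io": "ngrok (tunnel)",
    "ngrok.app": "ngrok (tunnel)",
    "ngrok-free.app": "ngrok (tunnel)",
    "infinityfreeapp.com": "InfinityFree (hosting)",
    "epizy.com": "InfinityFree (hosting)",
    "rf.gd": "InfinityFree (hosting)",
    "webhook.site": "Webhook.site (request capture)",
    "bit.ly": "link shortener",
    "t.co": "link shortener",
}

# Brands the post says the phishing pages impersonate, plus generic login terms.
LURE_KEYWORDS = ("owa", "outlook", "office", "microsoft",
                 "google", "sophos", "vpn", "login", "signin")

# Constructed log format: <timestamp> <client ip> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_host(host):
    """Return the service label if `host` is (a subdomain of) a suspect suffix."""
    host = (host or "").lower().rstrip(".")
    for suffix, label in SUSPECT_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return label
    return None


def scan_line(line):
    """Parse one log line; return a hit dict for suspect hosts, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None                      # malformed line: skip, don't crash
    parsed = urlparse(m.group("url"))
    label = classify_host(parsed.hostname)
    if label is None:
        return None
    haystack = f"{parsed.hostname}{parsed.path}{parsed.query}".lower()
    lure = [k for k in LURE_KEYWORDS if k in haystack]
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "method": m.group("method"),
        "host": parsed.hostname,
        "service": label,
        "lure_terms": lure,
        # A free-hosting domain that also names a login portal is the
        # combination to escalate on; bare use is only worth a look.
        "severity": "high" if lure else "medium",
    }


def scan_log(lines):
    """Run scan_line over an iterable of log lines and collect the hits."""
    return [hit for hit in (scan_line(l) for l in lines) if hit]


# Constructed sample: one internal OWA visit, one Ngrok-fronted OWA lure, a
# POST to a Webhook.site endpoint (standing in for a credential drop), a
# Sophos VPN lure on InfinityFree, and a benign Google visit.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z 10.0.0.15 GET https://intranet.example.com/owa/ 200
2024-05-01T09:13:44Z 10.0.0.15 GET https://owa-secure-login.ngrok-free.app/owa/auth/logon.aspx 200
2024-05-01T09:13:50Z 10.0.0.15 POST https://webhook.site/9b4c1e3a-0000-4000-8000-000000000000 200
2024-05-01T09:14:02Z 10.0.0.22 GET https://sophos-vpn-portal.infinityfreeapp.com/remote/login 200
2024-05-01T09:15:11Z 10.0.0.31 GET https://www.google.com/ 200
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f"[{hit['severity']:6}] {hit['ts']} {hit['src']} -> "
              f"{hit['host']} ({hit['service']}) lure={hit['lure_terms']}")
```

Matching on suffixes rather than exact hostnames is deliberate: Ngrok and InfinityFree hand out a fresh subdomain per tenant, so an exact-host blocklist is stale the moment it is written. The same client (10.0.0.15) hitting an Ngrok OWA lure and then POSTing to a Webhook.site endpoint within seconds is the sequence worth correlating in a SIEM; this script only scores individual lines and leaves that join to the analyst.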
Read More: https://www.securityweek.com/russias-apt28-targeting-energy-research-defense-collaboration-entities/