Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies

Ukrainian officials confirmed that a long-running cyber-espionage campaign attributed to Russia-linked APT28 targeted dozens of local government and law enforcement email accounts, with Western researchers reporting more than 170 compromised accounts. The intrusions exploited vulnerabilities in the open-source Roundcube webmail platform, and CERT-UA has tracked three waves since 2023. Affected agencies, including SAP and ARMA, say reviews found no clear evidence of internal data theft, while warning that leaks could fuel disinformation. #APT28 #Roundcube

Key points

  • Authorities attribute a long-running campaign to the Russia-linked group APT28 (Fancy Bear).
  • Researchers report more than 170 email accounts of Ukrainian prosecutors and investigators were compromised.
  • Attackers exploited Roundcube vulnerabilities enabling code execution when victims merely opened emails.
  • CERT-UA identified three waves of intrusions tracked since 2023 as part of the same campaign.
  • ARMA and SAP say reviews found no confirmed internal data exfiltration, though leaked material may be used for disinformation.

Read More: https://therecord.media/ukraine-confirms-suspected-apt28-campaign-targeting-prosecutors