Tag: APT28

UAC-0001 (APT28) Attack Detection: The russia-Backed Actor Uses LLM-Powered LAMEHUG Malware to Target Security and Defense Sector 

The notorious russian state-sponsored threat group UAC-0001 (also tracked as APT28) has once again surfaced in the cyber threat landscape. After CERT-UA’s late June alert exposing the group’s use of the COVENANT framework and the BEARDSHELL backdoor, UAC-0001 has maintained its focus on Ukraine. CERT-UA now reports a new wave of cyber-attacks targeting the security […]

UAC-0001 (APT28) Activity Detection: The russian State-Sponsored Group Targets Government Agencies Using BEARDSHELL and COVENANT Malware

The nefarious nation-backed russian hacking collective known as UAC-0001 (aka APT28) reemerges in the cybersecurity spotlight. Over a year ago, in the spring of 2024, the CERT-UA team was investigating an incident targeting state executive bodies and identified a Windows-based server. In May 2025, ESET shared timely intelligence indicating unauthorized access to an email account […]

Detect APT28 Attacks: russian GRU Unit 26156 Targets Western Logistics and Technology Companies Coordinating Aid to Ukraine in a Two-Year Hacking Campaign

A coordinated advisory from cybersecurity and intelligence agencies across North America, Europe, and Australia confirms a two-year-long cyberespionage campaign by russian GRU Unit 26165 (APT28, Forest Blizzard, Fancy Bear). The campaign targets logistics and tech providers facilitating foreign aid to Ukraine. Detect APT28 (Forest Blizzard, Fancy Bear) Attacks Against Western Companies Since a full-scale invasion […]
