
66 matches found

Trellix
added 2026/02/04 12:0 a.m. · 7 views

APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure

APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure By Pham Duy Phuc and Alex Lanstein · February 4, 2026 Updated February 9, 2026: This analysis has been updated to clarify malware naming conventions. Introduction Russian state-sponsored threat group APT28...

7.8 CVSS · 8.7 AI score · 0.12053 EPSS
Exploits: 10

Information Security Automation
added 2025/05/27 11:55 p.m. · 20 views

Vulnerabilities of Western logistics

Vulnerabilities of Western logistics. On May 21, Western intelligence agencies released joint advisory AA25-141A about attacks targeting infrastructure of Western logistics and tech companies. Alongside the usual Five Eyes, intelligence services from Germany, Czech Republic, Poland, Denmark,...

9.8 CVSS · 9 AI score · 0.93878 EPSS
Exploits: 69

HackRead
added 2025/05/18 5:34 p.m. · 13 views

Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine

ESET reports on RoundPress, a cyber espionage campaign by Russia's Fancy Bear Sednit targeting Ukraine-related organizations via webmail…...

7.3 AI score
Exploits: 0

The Hacker News
added 2024/03/18 5:59 a.m. · 103 views

APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme

The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a...

9.8 CVSS · 9.3 AI score · 0.93375 EPSS
Exploits: 18

Positive Technologies
added 2023/12/07 12:0 a.m. · 6 views

PT-2023-18914 · Undefined · Undefined

ParsedReport CompletenessMedium 07-12-2023 Fighting Ursa Aka APT28: Illuminating a Covert Campaign https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397 Report completeness: Medium Actors/Campaigns: Fancy bear Forest blizzard Threats: Wildfire Victims: Organizatio...

9.8 CVSS · 8.3 AI score · 0.93375 EPSS
Exploits: 18 · References: 1

Trellix
added 2023/11/09 12:0 a.m. · 53 views

CVE-2023-38831: Navigating the Threat Landscape of the Latest Security Vulnerability

CVE-2023-38831: Navigating the Threat Landscape of the Latest Security Vulnerability By Trellix · November 9, 2023 This blog was written by Neeraj Kumar Singh Executive Summary In August 2023, WinRAR released a security patch to address a remote code execution vulnerability in WinRAR's ZIP archiv...

7.8 CVSS · 8.1 AI score · 0.93878 EPSS
Exploits: 49

Krebs on Security
added 2023/07/26 5:29 p.m. · 21 views

Russia Sends Cybersecurity CEO to Jail for 14 Years

The Russian government today handed down a treason conviction and 14-year prison sentence on Iyla Sachkov, the former founder and CEO of one of Russia's largest cybersecurity firms. Sachkov, 37, has been detained for nearly two years under charges that the Kremlin has kept classified and hidden fr...

6.8 AI score
Exploits: 0

Malwarebytes
added 2023/04/20 1:0 a.m. · 74 views

Fancy Bear known to be exploiting vulnerability in Cisco routers

In a joint advisory, the UK National Cyber Security Centre (NCSC), the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released information about APT28's exploitation of Cisco routers in 2021. Now please don't st...

9 CVSS · 9.6 AI score · 0.14786 EPSS
Exploits: 1

The Hacker News
added 2023/04/19 3:41 p.m. · 27 views

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group (TAG), which is monitoring the...

6 AI score
Exploits: 0

HackRead
added 2022/09/29 3:0 p.m. · 9 views

Fancy Bear Hackers Distributing Graphite Malware using PowerPoint Files

By Deeba Ahmed APT28 or Fancy Bear is linked with the Russian military intelligence unit called GRU. This is a post from HackRead.com Read the original post: Fancy Bear Hackers Distributing Graphite Malware using PowerPoint Files...

4.2 AI score
Exploits: 0

ThreatPost
added 2022/06/23 12:21 p.m. · 75 views

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

Advanced persistent threat group Fancy Bear is behind a phishing campaign that uses the specter of nuclear war to exploit a known one-click Microsoft flaw. The goal is to deliver malware that can steal credentials from the Chrome, Firefox and Edge browsers. The attacks by the Russia-linked APT ar...

9.3 CVSS · 8.3 AI score · 0.93596 EPSS
Exploits: 61 · References: 14

The Hacker News
added 2022/05/09 8:55 a.m. · 41 views

Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-laced Microsoft Excel...

0.5 AI score
Exploits: 0

The Hacker News
added 2022/03/08 2:10 p.m. · 13 views

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used b...

Exploits: 0

Imperva Blog
added 2021/12/16 7:8 p.m. · 17 views

Ransom DDoS Enters its Fourth Wave

Extortionists target industries with most to lose from an outage Cybercriminals continue to target organizations threatening Denial of Service (DDoS) attacks in exchange for a ransom payment, traditionally demanded in bitcoin (BTC). And it seems that no matter how many times these ransom threat cycle...

0.3 AI score
Exploits: 0

Malwarebytes
added 2021/11/25 4:27 p.m. · 33 views

Google’s Threat Horizons report: Will the straightforward approach get results?

Google’s Cybersecurity Action Team has released a Threat Horizons report focusing on cloud security. It’s taken some criticism for being surprisingly straightforward and less complex than you may expect. On the other hand, many businesses simply don’t understand many of the threats at large...

6.8 AI score
Exploits: 0

The Hacker News
added 2021/10/14 4:30 p.m. · 26 views

Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. The warnings mark a 33%...

0.6 AI score
Exploits: 0

Wired Threat Level
added 2021/07/01 5:21 p.m. · 35 views

Fancy Bear Is Trying to Brute-Force Hundreds of Networks

While SolarWinds rightly drew attention earlier this year, Moscow's Fancy Bear group has been on a password-guessing spree this whole time...

0.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2020/10/23 12:30 p.m. · 78 views

This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users’ Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a watering hole campaign Trend Micro dubbed ‘Operation Earth Kitsune’ that is spying on users’ systems through compromised...

6.8 CVSS · 8.1 AI score · 0.04624 EPSS
Exploits: 0

Wired Threat Level
added 2020/10/16 11:0 a.m. · 27 views

Fancy Bear Imposters Are on a Hacking Extortion Spree

Nice looking website you've got there. It'd be a shame if someone DDoS'd it...

1.7 AI score
Exploits: 0

Wired Threat Level
added 2020/10/01 11:0 a.m. · 22 views

Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency

New clues indicate that APT28 may be behind a mysterious intrusion that US officials disclosed last week...

2.5 AI score
Exploits: 0