Russia’s APT28, in the FrostArmada campaign, compromised thousands of routers worldwide to steal Microsoft credentials—without using malware. Learn how the attack worked, who was targeted, and what it means for the future of network security.
Russian hacking group APT28 has launched a sophisticated PRISMEX malware campaign against Ukraine and NATO, exploiting zero-days and advanced stealth tactics to compromise vital sectors and threaten both espionage and sabotage.
A sweeping cyberattack by pro-Russian group APT28 has compromised thousands of home and business routers, putting user credentials and internet traffic at risk. Authorities are racing to dismantle the botnet and secure vulnerable devices.
U.S. law enforcement and global tech firms have dismantled a sprawling Russian cyber-espionage operation that hijacked home and office routers in over 120 countries. Here’s how the attackers exploited DNS and router vulnerabilities—and how the takedown unfolded.
APT28, a Russian state-backed hacking group, exploited a critical Zimbra email vulnerability in attacks on Ukrainian government agencies. The stealth campaign, dubbed Operation GhostMail, highlights the escalating cyberwar tactics targeting state infrastructure.
Russian state-backed hacking group APT28 is targeting Ukrainian military personnel with advanced malware implants BEARDSHELL and COVENANT, leveraging cloud services and sophisticated obfuscation to maintain covert surveillance.
Russian hacking group APT28 has reactivated advanced malware campaigns against Ukraine, deploying new tools like BeardShell and Covenant in a renewed wave of espionage. Experts warn this marks a major escalation in cyber hostilities.
APT28, Russia’s infamous state-backed hackers, have weaponized open-source frameworks like Covenant and cloud storage providers to launch sophisticated espionage campaigns targeting Ukrainian and European entities. Their technical evolution marks a dangerous new chapter in cyber warfare.
Russian state-backed hackers APT28 exploited a Windows MSHTML zero-day before Microsoft’s patch, using malicious shortcut files to bypass security and compromise systems worldwide.
APT28 exploited a critical MSHTML zero-day vulnerability before Microsoft’s February 2026 patch, using malicious LNK files to bypass protections and execute code. The attack highlights evolving tactics and ongoing risks from state-sponsored cyber actors.