APT28

APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165. This group has been active since at least 2004.APT28 reportedly compromised the Hillary Clinton campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee in 2016 in an attempt to interfere with the U.S. presidential election. In 2018, the US indicted five GRU Unit 26165 officers associated with APT28 for cyber operations (including close-access operations) conducted between 2014 and 2018 against the World Anti-Doping Agency (WADA), the US Anti-Doping Agency, a US nuclear facility, the Organization for the Prohibition of Chemical Weapons (OPCW), the Spiez Swiss Chemicals Laboratory, and other organizations. Some of these were conducted with the assistance of GRU Unit 74455, which is also referred to as Sandworm Team.

This Cyber News was published on attack.mitre.org. Publication date: Thu, 07 Dec 2023 22:12:07 +0000


Cyber News related to APT28

Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug - Advanced persistent threat group APT28 is behind ongoing campaigns to steal sensitive government and corporate information. The threat group is reportedly abusing unpatched instances of a Microsoft Exchange flaw patched nine months ago, according to ...
1 year ago Packetstormsecurity.com CVE-2023-23397 CVE-2023-38831 APT28
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
Poland says Russian military hackers target its govt networks - Poland says a state-backed threat group linked to Russia's military intelligence service has been targeting Polish government institutions throughout the week. According to evidence found by CSIRT MON, the country's Computer Security Incident ...
11 months ago Bleepingcomputer.com CVE-2023-23397 APT28
France says Russian state hackers breached numerous critical networks - The Russian APT28 hacking group has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. The threat group, which is considered part of Russia's military ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-23397 APT28 Cactus
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
1 year ago Bleepingcomputer.com CVE-2023-23397 CVE-2023-38831 CVE-2021-40444 APT28
APT28 - APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165. This group has been active since at least 2004.APT28 reportedly compromised ...
1 year ago Attack.mitre.org APT28 Sandworm Team
Russian APT Used Zero-Click Outlook Exploit - A Russian state-sponsored threat actor tracked as APT28 has been exploiting a zero-click Outlook vulnerability in attacks against dozens of organizations in NATO countries, cybersecurity firm Palo Alto Networks reports. Tracked as CVE-2023-23397, the ...
1 year ago Securityweek.com CVE-2023-23397 CVE-2023-29324 Fancy Bear APT28
NATO Draws a Cyber Red Line in Tensions With Russia - There has long been a military red line that NATO says Russia must not cross. Germany took a very strong diplomatic position, summoning Russia's representative, and then recalling its own Russian ambassador for talks. This is clearly a strong and ...
11 months ago Securityweek.com APT28 APT29
NATO Draws a Cyber Red Line in Tensions With Russia - There has long been a military red line that NATO says Russia must not cross. Germany took a very strong diplomatic position, summoning Russia's representative, and then recalling its own Russian ambassador for talks. This is clearly a strong and ...
11 months ago Packetstormsecurity.com APT28 APT29
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com CVE-2023-23397 Fancy Bear APT28
Russian military hackers target Ukraine with new MASEPIE malware - Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored ...
1 year ago Bleepingcomputer.com Fancy Bear APT28
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
1 year ago Bleepingcomputer.com Fancy Bear APT28 Turla Volt Typhoon
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com CVE-2023-38831 APT28 APT29
Russian hackers use old Outlook vulnerability to target Polish orgs - Russian state-backed hacking group Forest Blizzard has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining access to them. ...
1 year ago Helpnetsecurity.com CVE-2023-23397 APT28
Poland says it was targeted by Russian military intelligence hackers - Russian state-sponsored hackers have targeted Polish government institutions in a recent espionage campaign, according to a new report. Poland's computer emergency response team, CERT-PL, said on Wednesday that it had observed a large-scale malware ...
11 months ago Therecord.media Fancy Bear APT28
ShinyHunters is selling data of 30 million Santander customers - MUST READ. ShinyHunters is selling data of 30 million Santander customers. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
10 months ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-22515 APT28 APT29 BianLian Hunters
Crooks stole more than $300M worth of Bitcoin from DMM Bitcoin - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Threat actors actively ...
10 months ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-22515 APT28 APT29 BianLian
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
10 months ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
State-sponsored hackers embrace ClickFix social engineering tactic - Proofpoint reports that APT28, a GRU unit, also used ClickFix as early as October 2024, using phishing emails mimicking a Google Spreadsheet, a reCAPTCHA step, and PowerShell execution instructions conveyed via a pop-up. ClickFix attacks are gaining ...
2 days ago Bleepingcomputer.com APT28 Kimsuky MuddyWater
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-40477 APT28
Why It's More Important Than Ever to Align to The MITRE ATT&CK Framework - These missed attacks often stem from either hidden gaps in detection coverage - or due to alerts that got buried in a sea of noisy alerts and were never even pursued by the Security Operations Center team. In other words, we need to be able to report ...
1 year ago Cyberdefensemagazine.com APT28 FIN7 LAPSUS$ Lazarus Group
Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts - We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience ...
1 year ago Securityaffairs.com
Sandworm Team - Sandworm Team is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455. This group has been active since at least 2009.In ...
1 year ago Attack.mitre.org APT28 Sandworm Team
Russia's APT28 used new malware in a recent phishing campaign - We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience ...
1 year ago Securityaffairs.com
Russian-Backed Hackers Target High-Value US, European Entities - Hackers linked to Russia's military intelligence unit exploited previously patched Microsoft vulnerabilities in a massive phishing campaign against U.S. and European organizations in such vectors as government, aerospace, and finance across North ...
1 year ago Securityboulevard.com CVE-2023-23397 CVE-2023-38831 Fancy Bear APT28

Latest Cyber News


Cyber Trends (last 7 days)