#apt28

Latest posts tagged with #apt28 on Bluesky


Posts tagged #apt28

APT28 hackers deploy customized variant of Covenant open-source tool The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.

#APT28 hackers deploy customized variant of #Covenant #OpenSource tool

www.bleepingcomputer.com/news/security/apt28-hack...

#cybersecurity #Russia

1 0 0 0

Russian hacking group APT28 deploys BEARDSHELL and COVENANT malware to spy on Ukrainian military. #CyberSecurity #APT28 #Ukraine #Malware Link: thedailytechfeed.com/apt28-deploy...

1 0 0 0

📰 APT28 Uses a Modified Version of the Open-Source Covenant Framework for Espionage Operations

👉 Read the full article here: ahmandonk.com/2026/03/11/apt28-covenan...

#apt28 #cyberEspionage #cyberSecurity #hacking #keamananSiber #malware

0 0 0 0

[2/2]
" #APT28, a #Russian state-sponsored hacker group, is leveraging a modified variant of the #Covenant framework for espionage attacks targeting #Ukrainian military personnel."

0 0 0 0
" #APT28 hackers deploy customized variant of Covenant open-source tool."
"The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage .../..."
www.bleepingcomputer.com/news/securit... [1/2]

0 0 1 0
Original post on securityaffairs.com

APT28 conducts long-term espionage on Ukrainian forces using custom malware APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since ...

#APT #Breaking #News #Cyber #warfare #Hacking […]

0 0 0 0
Sednit APT Reloaded

~Eset~
Sednit (APT28) targets Ukrainian military with a new dual-implant toolkit: BeardShell and Covenant.
-
IOCs: CVE-2026-21509, BeardShell, SlimAgent
-
#APT28 #Malware #ThreatIntel

0 0 0 0

Russian state-sponsored group APT28 targets Ukrainian entities with new malware strains BadPaw and MeowMeow. Stay vigilant against sophisticated cyber threats. #CyberSecurity #APT28 #BadPaw #MeowMeow Link: thedailytechfeed.com/apt28-target...

0 1 0 0
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine reconbee.com/apt28-linked...

#APT28 #BadPawloader #MeowMeow #ukraine #cyberattack #cybersecurity

0 0 0 0

APT28 Deploys BadPaw And MeowMeow In Ukraine
Read More: buff.ly/Lk0YmtC

#APT28 #BadPaw #MeowMeowMalware #RussiaCyber #UkraineCyber #PhishingCampaign #CyberEspionage #ThreatIntel

0 0 0 0

Russian state-sponsored group APT28 exploited CVE-2026-21513, a critical MSHTML vulnerability, before Microsoft's Feb 2026 Patch Tuesday. Stay vigilant and update your systems. #CyberSecurity #APT28 #MSHTML #ZeroDay Link: thedailytechfeed.com/russian-apt2...

0 0 0 0

Critical MSHTML zero-day (CVE-2026-21513) exploited by APT28 before Feb 2026 patch. Ensure systems are updated to mitigate risks. #CyberSecurity #APT28 #MSHTML #ZeroDay Link: thedailytechfeed.com/apt28-exploi...

0 0 0 0
APT28’s Operation MacroMaze Targets Western Europe With Stealthy Macro-Based Attacks

A fresh wave of digital intrusions, tied to Russian operatives known as APT28, emerges through findings uncovered by S2 Grupo’s LAB52 analysts. Throughout late 2025 into early 2026, these efforts quietly unfolded across Western and Central European institutions. Dubbed Operation MacroMaze, the pattern reveals reliance on minimalistic yet precisely timed actions. Instead of complex tools, attackers favored subtle coordination - bypassing alarms by design. Each phase unfolded with restraint, avoiding flashiness while maintaining persistence behind the scenes.

Starting the operation, cyber actors send targeted emails with harmful attachments designed to trick users. Instead of using typical methods, these documents include an XML feature named “INCLUDEPICTURE.” That field points to a JPG stored on webhook[.]site, acting as a hidden reference. As soon as someone views the file, the system pulls the image from that external address. Unlike passive downloads, this transfer initiates a background connection outward. Midway through loading, the request exposes details about the user’s environment automatically. So, without visible signs, attackers receive confirmation plus technical footprints tied to the access event.

Over time, different versions of the documents appeared, spotted by analysts during an extended review period. Each one carried small changes in macro design, though the core behavior stayed largely unchanged. Instead of sticking with automated browser launching, newer samples began mimicking keystrokes through SendKeys functions. This shift may have aimed at dodging detection mechanisms while keeping interactions less obvious to people opening files.

When turned on, it runs a Visual Basic Script pushing the attack forward. A CMD file gets started by the script, setting up ongoing access using timed system jobs before releasing a batch routine. Out of nowhere, a tiny HTML segment encoded in Base64 appears inside Edge running without display. That fragment pulls directives from one online trigger point, carries out those steps on the machine, gathers what happens, then sends everything back - packed into an HTML document - to another web destination.

A different version of the batch script skips headless browsing by shifting the browser window beyond the visible screen area. Following that shift, any active Edge instances are closed - this isolates the runtime setting. Once the created HTML document opens, form submission begins on its own, sending captured command results to a server managed by the attacker, all without engaging the user.

LAB52 points out that the attack shows hackers using ordinary tools - batch scripts, minimal VBS launchers, basic HTML forms - to form a working breach system. Hidden browser tabs become operational zones, letting intrusions unfold without obvious footprints. Webhook platforms, meant for routine tasks, carry commands one way and stolen information the other. Instead of loud breaches, quiet integration with standard processes helps evade detection. The method thrives not on complexity, but on repurposing everyday components in stealthy ways.

What stands out in Operation MacroMaze is how basic tools, when timed precisely, achieve advanced results. Not complexity - but clever order - defines its success. Common programs, used one after another in quiet succession, form an invisible path through defenses. Trusted system features play a central role, slipping past alarms. Persistence emerges not from novelty, but repetition masked as routine. Across several European organizations, the method survives simply by avoiding attention.

APT28’s Operation MacroMaze Targets Western Europe With Stealthy Macro-Based Attacks #APT28 #APT28CyberEspionage #CyberAttacks

0 0 0 0
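As an added defensive example (not from the LAB52 report or from any post above), a small Python triage script for the INCLUDEPICTURE beacon described in the MacroMaze post: it unpacks a .docx, reads word/document.xml, extracts every external URL referenced by an INCLUDEPICTURE field in either of Word's two field encodings, flags URLs on webhook.site, and records whether the file carries a VBA project. The constructed sample document, the EXAMPLE-ID path and the one-entry suspect-host list are assumptions for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
# Field instruction form: INCLUDEPICTURE "<url>" [switches]; the URL may be unquoted
FIELD_RE = re.compile(r'INCLUDEPICTURE\s+"?(?P<url>https?://[^"\s\\]+)', re.IGNORECASE)
SUSPECT_HOSTS = ("webhook.site",)  # host named in the post; extend from your own intel

def find_includepicture_urls(docx_bytes):
    """Return every external URL referenced by an INCLUDEPICTURE field in a .docx.
    Handles both field encodings: the compact <w:fldSimple w:instr="..."/> form and
    the complex form, where the instruction is split across <w:instrText> runs."""
    urls = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    for fld in root.iter(f"{{{W_NS}}}fldSimple"):
        instr = fld.get(f"{{{W_NS}}}instr", "")
        urls += [m.group("url") for m in FIELD_RE.finditer(instr)]
    for p in root.iter(f"{{{W_NS}}}p"):  # join instrText runs per paragraph
        instr = "".join(t.text or "" for t in p.iter(f"{{{W_NS}}}instrText"))
        urls += [m.group("url") for m in FIELD_RE.finditer(instr)]
    return urls

def triage_docx(docx_bytes):
    """Summarise the beaconing indicators: external picture fields, suspect hosts, macros."""
    urls = find_includepicture_urls(docx_bytes)
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        has_macros = "word/vbaProject.bin" in z.namelist()
    hits = [u for u in urls if any(h in u.lower() for h in SUSPECT_HOSTS)]
    return {"external_pictures": urls, "webhook_beacons": hits, "has_macros": has_macros}

def build_sample_docx():
    """Constructed sample (not a real lure): one simple and one complex INCLUDEPICTURE
    field plus an empty vbaProject.bin so the file counts as macro-enabled."""
    doc = f'''<?xml version="1.0"?>
<w:document xmlns:w="{W_NS}"><w:body>
 <w:p><w:fldSimple w:instr=' INCLUDEPICTURE "https://webhook.site/EXAMPLE-ID/pixel.jpg" \\d '/></w:p>
 <w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>
      <w:r><w:instrText> INCLUDEPICTURE "http://example.org/logo.jpg" \\d </w:instrText></w:r>
      <w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>
</w:body></w:document>'''
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        z.writestr("word/vbaProject.bin", b"")
    return buf.getvalue()
```

Run `triage_docx(build_sample_docx())` to see the sample flagged; on real mail-gateway samples, any external INCLUDEPICTURE URL is worth a look even when the host is not on the suspect list, since the outbound fetch happens on open regardless of macros.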

APT28 Uses Webhook Macro Malware
Read More: buff.ly/X04DuP0

#APT28 #OperationMacroMaze #MacroMalware #WebhookAbuse #RussiaCyber #SpearPhishing #CyberEspionage #ThreatActors

0 0 0 0

APT28's Operation MacroMaze reveals the cunning use of webhook-based macro malware to target European entities. Stay informed and secure. #CyberSecurity #APT28 #ThreatIntelligence #OperationMacroMaze Link: thedailytechfeed.com/apt28s-opera...

1 0 0 0
APT28 Targeted European Entities Using Webhook-Based Macro Malware reconbee.com/apt28-target...

#APT28 #european #macromalware #webhook #cybersecurity #cyberattack

0 0 0 0
APT28 Deploys Macro Malware in Browser-Based Exfiltration Operation Targeting Europe The APT28 threat group used webhook-based macro malware in Operation MacroMaze to exfiltrate data from European entities.

Full breakdown:
www.technadu.com/apt28-deploy...

Do you think organizations are adequately monitoring outbound traffic to legitimate cloud services? Comment your opinion below.
#CyberEspionage #APT28 #CyberSecurity #MacroMalware #ThreatIntelligence #DataExfiltration

0 0 0 0

APT28’s Operation MacroMaze used macro-enabled Office docs + webhook. site for data exfil.
Legitimate services as C2 = detection challenge.
Europe targeted.

#CyberEspionage #APT28 #Infosec

0 0 1 0
APT28 Exploits MSHTML Zero-Day CVE-2026-21513

~Akamai~
Russian state-sponsored actor APT28 is actively exploiting a critical MSHTML vulnerability to bypass security features and execute arbitrary code.
-
IOCs: wellnesscaremed. com
-
#APT28 #CVE202621513 #ThreatIntel

0 0 0 0
APT28 Targeted European Organizations With Webhook Based Macro Malware - SCtoCS APT28 targeted European entities using webhook based macro malware, highlighting ongoing cyber espionage efforts across the region.

APT28 is using webhook-based macro malware to target European organizations via malicious Office docs that connect back to control servers. Be cautious with attachments!
👉 sctocs.com/apt28-europe...

#Cybersecurity
#sctocs
#APT28
#malware
#ThreatAlert

0 0 0 0

Russian-linked Fancy Bear exploits Microsoft RTF zero-day (CVE-2026-21509) to deploy malware in Eastern Europe. Targets include Ukraine, Slovakia, and Romania. #CyberSecurity #APT28 #ZeroDay #FancyBear Link: thedailytechfeed.com/fancy-bear-e...

0 0 0 0
APT28 Weaponizes Office Flaw to Spy on NATO & Military APT28 (Fancy Bear) weaponized CVE-2026-21509 in 24 hours to target NATO. New "BeardShell" and "NotDoor" malware steals emails. Patch Office now.

#APT28 Weaponizes MS Office Flaw to #Spy on #NATO & #Military

#Russia state-sponsored group #FancyBear has launched a sophisticated espionage campaign, striking #Europe #military & #government through a major security vulnerability in #Microsoft #Office.

securityonline.info/apt28-weapon...

2 3 0 0

Russian APT28 exploits Microsoft Office vulnerability CVE-2026-21509 to target European government agencies. Immediate patching and enhanced security measures are crucial. #CyberSecurity #APT28 #MicrosoftOffice Link: thedailytechfeed.com/apt28-target...

0 0 0 0

Cybersecurity news update: Russian state hackers are weaponizing Microsoft Office documents to gain persistent access to targeted networks. If you’re managing enterprise environments, this should be on your radar.

Source: lnkd.in/eMP-H3a4

#cybersecurity #apt28 #infosec

0 0 0 0

Microsoft releases urgent Office patch. Russian-state hackers pounce. https://arstechni.ca #microsoft #Security #Biz&IT #office #russia #APT28

0 0 0 0

Russian-state hackers exploit Office vulnerability to infect computers The window to patch vulnerabilities is shrinking rapidly. Russian-state hackers wasted no time exploiting a critical Microsoft...

#Biz #& #IT #Security #APT28 #microsoft #office #russia

0 0 0 0

Microsoft releases urgent Office patch. Russian-state hackers pounce. The window to patch vulnerabilities is shrinking rapidly. Russian-state hackers wasted no time exploiting a critical Microsoft ...

#Biz #& #IT #Security #APT28 #microsoft #office #russia

0 0 0 0

APT28 exploits Microsoft Office zero-day (CVE-2026-21509) in 'Operation Neusploit,' targeting Ukraine, Slovakia, and Romania. Patch now! #CyberSecurity #APT28 #MicrosoftOffice #ZeroDay Link: thedailytechfeed.com/apt28-exploi...

0 0 0 0

Alert: APT28 exploits Microsoft Office CVE-2026-21509 to deploy LAMEHUG malware using large language models. Update your systems and stay vigilant. #CyberSecurity #APT28 #LAMEHUG #MicrosoftOffice Link: thedailytechfeed.com/apt28-exploi...

0 0 0 0