APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.

BleepingComputer
Operation Roundish: Uncovering an APT28 Roundcube Toolkit Used Against Ukrainian Government Targets
#APT28 #Roundcube
https://hunt.io/blog/operation-roundish-apt28-roundcube-exploitation
Operation Roundish: Uncovering an APT28 Roundcube Exploitation Toolkit Targeting Ukraine

Hunt.io's investigation uncovered Operation Roundish, an APT28 toolkit used to exploit Roundcube webmail against Ukrainian government systems.

APT28 conducts long-term espionage on Ukrainian forces using custom malware

APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since April 2024.

Security Affairs

APT28 Leverages CVE-2026-21509 in Operation Neusploit

Zscaler’s ThreatLabz examines the technical details of Operation Neusploit, in which the Russia-linked advanced persistent threat group APT28 leveraged specially crafted RTF files to exploit CVE-2026-21509.

Pulse ID: 69a6d099bd131eb626296631
Pulse Link: https://otx.alienvault.com/pulse/69a6d099bd131eb626296631
Pulse Author: CyberHunter_NL
Created: 2026-03-03 12:14:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APT28 #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #RTF #Russia #ThreatLabz #Zscaler #bot #CyberHunter_NL

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw.

Security Affairs

Organizations Targeted by APT28 Group via Webhook-Based Macro Malware

Pulse ID: 699f3c59b1d0c02a08fd005c
Pulse Link: https://otx.alienvault.com/pulse/699f3c59b1d0c02a08fd005c
Pulse Author: cryptocti
Created: 2026-02-25 18:15:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APT28 #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #bot #cryptocti


Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513

This analysis examines CVE-2026-21513, a security bypass vulnerability in Microsoft's MSHTML framework, patched in February 2026. The flaw, actively exploited by Russian state-sponsored actor APT28, affects all Windows versions and has a CVSS score of 8.8. Using PatchDiff-AI, researchers identified the root cause in ieframe.dll's hyperlink navigation handling, allowing arbitrary file execution outside the browser's security context. The exploit involves a crafted Windows Shortcut file embedding HTML, communicating with APT28-linked infrastructure. It bypasses security measures like Mark of the Web and IE Enhanced Security Configuration through nested iframes and DOM manipulation, ultimately invoking ShellExecuteExW for out-of-sandbox execution.

Pulse ID: 699ee10d4bfa4e5fcf71399d
Pulse Link: https://otx.alienvault.com/pulse/699ee10d4bfa4e5fcf71399d
Pulse Author: AlienVault
Created: 2026-02-25 11:46:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APT28 #Browser #CyberSecurity #HTML #InfoSec #Microsoft #OTX #OpenThreatExchange #RAT #Russia #Vulnerability #Windows #bot #AlienVault

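The pulse above describes a lure built as a Windows Shortcut file that carries an embedded HTML document with nested iframes. A practical hunting check that follows from that description is to look for .lnk files whose bytes after the ShellLinkHeader contain HTML markup, since a legitimate shortcut never does. The scanner below is an added example, not code from Zscaler, LevelBlue or the referenced analysis; it reproduces nothing of the exploit, and the sample shortcut bytes it scans are constructed inline (a valid header followed by a toy HTML body). It relies only on the documented ShellLinkHeader layout: a 4-byte header size of 0x4C followed by the LinkCLSID 00021401-0000-0000-C000-000000000046.

```python
"""Hunt for Windows shortcut (.lnk) files that embed HTML documents.

Added example, not from the cited analysis. It checks the ShellLinkHeader
magic, then searches the remainder of the file for HTML/iframe markup and
measures iframe nesting depth. It does not reproduce any exploit.
"""
import re
import struct
import sys
from dataclasses import dataclass

LNK_HEADER_SIZE = 0x4C
# LinkCLSID {00021401-0000-0000-C000-000000000046} in on-disk byte order.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

HTML_MARKERS = (b"<html", b"<iframe", b"<script", b"<body")
IFRAME_TAG = re.compile(rb"<iframe\b|</iframe\s*>", re.IGNORECASE)


@dataclass
class LnkFinding:
    is_lnk: bool
    html_markers: list
    iframe_count: int
    max_iframe_depth: int


def is_shell_link(data: bytes) -> bool:
    """True when the first 0x4C bytes form a valid ShellLinkHeader."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    (size,) = struct.unpack_from("<I", data, 0)
    return size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def iframe_nesting_depth(body: bytes) -> int:
    """Deepest <iframe> nesting found by walking open/close tags in order."""
    depth = best = 0
    for m in IFRAME_TAG.finditer(body):
        if m.group(0).lower().startswith(b"</"):
            depth = max(depth - 1, 0)
        else:
            depth += 1
            best = max(best, depth)
    return best


def scan_lnk_bytes(data: bytes) -> LnkFinding:
    """Scan raw file bytes; HTML markers are matched case-insensitively."""
    is_lnk = is_shell_link(data)
    body = data[LNK_HEADER_SIZE:] if is_lnk else data
    lower = body.lower()
    markers = [m.decode() for m in HTML_MARKERS if m in lower]
    opens = sum(1 for m in IFRAME_TAG.finditer(body)
                if not m.group(0).lower().startswith(b"</"))
    return LnkFinding(is_lnk, markers, opens, iframe_nesting_depth(body))


def is_suspicious(f: LnkFinding) -> bool:
    """A genuine shortcut has no reason to carry an HTML document at all."""
    return f.is_lnk and bool(f.html_markers)


def _header() -> bytes:
    return (struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
            + b"\x00" * (LNK_HEADER_SIZE - 20))


# Constructed samples: a shortcut with an embedded two-level iframe page,
# and a benign one that only names a target path.
CONSTRUCTED_LURE = (
    _header()
    + b'<html><body><iframe src="about:blank"><iframe src="about:blank">'
    + b"</iframe></iframe></body></html>"
)
CONSTRUCTED_BENIGN = _header() + b"C:\\Windows\\notepad.exe".ljust(64, b"\x00")


if __name__ == "__main__":
    # Usage: python lnk_html_scan.py file1.lnk file2.lnk ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            finding = scan_lnk_bytes(fh.read())
        flag = "SUSPICIOUS" if is_suspicious(finding) else "ok"
        print(f"{path}: {flag} markers={finding.html_markers} "
              f"iframes={finding.iframe_count} depth={finding.max_iframe_depth}")
```

Run it over shortcuts extracted from mail attachments or archives; a hit on a shortcut that also lacks the Zone.Identifier stream (Mark of the Web) deserves immediate triage, since the pulse notes the chain is built to operate without that protection.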

APT28 “Operation MacroMaze”:
Macro malware + webhook.site exfiltration
Legit SaaS abused as C2
Europe targeted (Sept 2025–Jan 2026)

Report:
https://www.technadu.com/apt28-deploys-macro-malware-in-browser-based-exfiltration-operation-targeting-europe/620697/

#APT28 #ThreatIntel #CyberSecurity

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze.

Security Affairs
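The MacroMaze reporting above turns on one observable: data leaving the network toward webhook.site, a legitimate request-capture service used as the collection point. A detection that a SOC can run over proxy logs is to flag any request to such a service that either originates from an Office process or carries a non-trivial POST/PUT body, and to total bytes per source host so the size of the leak is visible. The script below is an added example, not tooling from TechNadu, Security Affairs or the campaign reporting; the log line format, the Office process list and the webhook hosts other than webhook.site are assumptions, and the log lines it analyses are constructed inline.

```python
"""Flag webhook-service exfiltration in proxy logs.

Added example, not the cited report's tooling. webhook.site is the service
named in the reporting; the other hosts, the Office process list and the
proxy line format are assumptions for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

WEBHOOK_HOSTS = {"webhook.site", "requestbin.com", "pipedream.net", "hookb.in"}
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Assumed space-separated proxy line:
# <ts> <src_ip> <process> <method> <host> <path> <bytes_out>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proc>\S+) (?P<method>[A-Z]+) "
    r"(?P<host>\S+) (?P<path>\S+) (?P<bytes>\d+)$"
)


@dataclass
class Finding:
    ts: str
    src: str
    host: str
    reason: str
    bytes_out: int


def host_is_webhook(host: str) -> bool:
    """Exact or subdomain match against the watched webhook services."""
    h = host.lower().rstrip(".")
    return any(h == w or h.endswith("." + w) for w in WEBHOOK_HOSTS)


def analyze(lines, post_threshold=512):
    """Return (findings, bytes_out per (src, host)) for the given log lines.

    Two rules fire: an Office process talking to a webhook service at all
    (the macro itself phoning home), and any process sending a body of at
    least post_threshold bytes there (the browser-driven upload the report
    describes). Totals are kept for every webhook contact, fired or not.
    """
    findings = []
    totals = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparsable line; a real pipeline would count these
        host, proc, method = m["host"], m["proc"].lower(), m["method"]
        size = int(m["bytes"])
        if not host_is_webhook(host):
            continue
        totals[(m["src"], host)] += size
        if proc in OFFICE_PROCESSES:
            reason = f"office process {proc} contacted webhook service"
        elif method in ("POST", "PUT") and size >= post_threshold:
            reason = f"{method} of {size} bytes to webhook service"
        else:
            continue
        findings.append(Finding(m["ts"], m["src"], host, reason, size))
    return findings, dict(totals)


# Constructed sample log: one host shows the macro contact followed by two
# large browser uploads; another host only pings the service once.
CONSTRUCTED_LOG = """\
2026-01-14T09:02:11Z 10.20.4.17 winword.exe GET webhook.site /a1b2c3 0
2026-01-14T09:02:13Z 10.20.4.17 msedge.exe POST webhook.site /a1b2c3 48211
2026-01-14T09:02:20Z 10.20.4.17 msedge.exe POST webhook.site /a1b2c3 51903
2026-01-14T09:05:01Z 10.20.4.22 chrome.exe GET www.example.com / 0
2026-01-14T09:06:40Z 10.20.4.22 chrome.exe POST webhook.site /ping 64
""".splitlines()


if __name__ == "__main__":
    found, per_host = analyze(CONSTRUCTED_LOG)
    for f in found:
        print(f"{f.ts} {f.src} -> {f.host}: {f.reason}")
    for (src, host), total in per_host.items():
        print(f"total bytes {src} -> {host}: {total}")
```

Blocking the webhook hosts outright at the proxy is the simplest control, but the same rule is worth keeping for the next SaaS endpoint the actor moves to: the signal is an Office process, or a large upload, reaching a service whose only purpose is to capture arbitrary requests.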