🇷🇺 Sekoia #TDR team has just released a comprehensive analysis of how #APT28's arsenal has evolved, from its early operations to its current ones.

https://blog.sekoia.io/apt28-an-evolution-of-tradecraft/

Here are the three major shifts defining APT28's modern operations:
- Infrastructure moved to the edge: Compromising SOHO devices and abusing cloud services to mask traffic.
- Return of custom implants: Deploying stealthy, modular toolsets (like Phantom Net Voxel) controlled via cloud infrastructures.
- Delegating logic to AI: Experimenting with malware (like LameHug) that queries an LLM on the fly to generate attack commands.

This report is part of a broader coordinated effort, conducted since 2025 in collaboration with foreign and domestic law enforcement and government agencies, including the FBI, to limit APT28's activities and constrain GRU cyber operations.