Cato CTRL™ Threat Research: Analyzing LAMEHUG | Cato Networks
"First Known LLM-Powered Malware with Links to APT28 (Fancy Bear)"
https://www.catonetworks.com/blog/cato-ctrl-threat-research-analyzing-lamehug/
LameHug: first #AI-Powered #malware linked to #Russia’s #APT28
https://securityaffairs.com/180092/hacking/lamehug-first-ai-powered-malware-linked-to-russias-apt28.html
#securityaffairs #hacking #Ukraine
#Russia-linked #APT28 use #Signal chats to target Ukraine official with #malware
https://securityaffairs.com/179288/apt/russia-linked-apt28-use-signal-chats-to-target-ukraine-official-with-malware.html
#securityaffairs #hacking
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine.
The hackers targeted entities in the defense, transportation, IT services, air traffic, and maritime sectors in 12 European countries and the United States.
#APT28 #russia #Ukraine #security #cybersecurity #hackers #hacking
Current warning about cyberattacks on the logistics and #technology sector: the BfV, the #BSI and the BND are currently warning of cyberattacks aimed at spying on critical infrastructure (#KRITIS).
Responsible for the attacks is Unit 26165 of the Russian military intelligence service GRU and its associated cyber group #APT28, which gain unauthorized access to IT infrastructure by means of, for example, spear phishing and brute-force attacks.
https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/wirtschafts-wissenschaftsschutz/2025-05-21-jcsa.pdf #cybersecurity
#Russia-linked #APT28 targets western logistics entities and technology firms
https://securityaffairs.com/178165/apt/russia-linked-apt28-targets-western-logistics-entities-and-technology-firms.html
#securityaffairs #hacking
Another day, another Russia-linked malware spotted targeting Ukrainian organisations, as per ESET. This time, the attack is dubbed #RoundPress.
Read: https://hackread.com/russia-spypress-malware-exploits-webmails-spy-ukraine/
Well, this time there is no more cyber-diplomatic fuss or hypothesizing: ANSSI officially attributes, by tracing the attack modus operandi, the latest major attacks against French institutions to the Russian group APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) in its latest report titled "Ciblage et compromission d'entités françaises au moyen du mode opératoire d'attaque APT28 - ACTIVITÉS ASSOCIÉES À APT28 DEPUIS 2021".
https://www.cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-006/
Better late than never: The government of #France attributes a wide range of #cyberattacks dating back ten years, targeting the French-hosted 2024 Olympics, prior elections, and against entities like television networks, to Russia's GRU (#APT28), and condemns them, officially, in a statement posted to their website.
A machine-translated-to-English screenshot of the statement is shown below.
"Together with its partners, France is determined to use all the means at its disposal to anticipate, deter and respond to Russia’s malicious behaviour in cyberspace where appropriate."
Someone has to.
Interesting attack vector
"Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack"
https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/
"For determined hackers, sitting in a car outside a target's building and using radio equipment to breach its Wi-Fi network has long been an effective but risky technique. These risks became all too clear when spies working for Russia's GRU military intelligence agency were caught red-handed on a city street in the Netherlands in 2018 using an antenna hidden in their car's trunk to try to hack into the Wi-Fi of the Organization for the Prohibition of Chemical Weapons.
Since that incident, however, that same unit of Russian military hackers appears to have developed a new and far safer Wi-Fi hacking technique: Instead of venturing into radio range of their target, they found another vulnerable network in a building across the street, remotely hacked into a laptop in that neighboring building, and used that computer's antenna to break into the Wi-Fi network of their intended victim—a radio-hacking trick that never even required leaving Russian soil.
At the Cyberwarcon security conference in Arlington, Virginia, today, cybersecurity researcher Steven Adair will reveal how his firm, Volexity, discovered that unprecedented Wi-Fi hacking technique—what the firm is calling a “nearest neighbor attack”—while investigating a network breach targeting a customer in Washington, DC, in 2022. Volexity, which declined to name its DC customer, has since tied the breach to the Russian hacker group known as Fancy Bear, APT28, or Unit 26165."
#Russian #Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented #Hack
In a first, Russia's #APT28 hacking group appears to have remotely breached the Wi-Fi of an #espionage target by hijacking a laptop in another building across the street.
#security #privacy #russia
https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/
"APT28: Following bear tracks back to the cave" presented by Golo Mühr
This DISCARDED episode dives into the ever-evolving world of advanced persistent threats (APTs).
In this micro video, Greg shares what he and the team have been observing when it comes to TA422 (AKA #APT28) activity.
Listen in, then stream the full episode on your favorite listening platform.
Apple Podcasts: https://ow.ly/XA2a50TgLzg
Spotify: https://ow.ly/of8K50TgLzh
Web: https://ow.ly/aLw750TgLzf
APT28 campaign directed against Polish government institutions
A Ukrainian woman selling used underwear, or how the Russian group APT28 tried to infect Polish government institutions
https://www.europesays.com/1199368/ Following the attribution of the #APT28 cyberattack, Germany has called the German Ambassador to #Russia @Lambsdorff back to Berlin for consultations. Russia’s actions against our liberal democracy & the institutions that support it are very serious and cannot stand. #Ukraine #UkraineWar #UkraineWarVideoReport