APT28

Vendor News

Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch

AndyC 30 April 2026

Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for unpatched...

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

AndyC 9 April 2026

Ravie LakshmananApr 08, 2026Vulnerability / Cloud Security The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has...

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

AndyC 8 April 2026

The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure...

APT28 conducts long-term espionage on Ukrainian forces using custom malware

AndyC 11 March 2026

APT28 conducts long-term espionage on Ukrainian forces using custom malware Pierluigi Paganini March 10, 2026 APT28 used BEARDSHELL and COVENANT...

Russian APT targets Ukraine with BadPaw and MeowMeow malware

AndyC 6 March 2026

Russian APT targets Ukraine with BadPaw and MeowMeow malware Pierluigi Paganini March 05, 2026 Researchers uncovered a Russian campaign targeting...

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

AndyC 3 March 2026

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch Pierluigi Paganini March 02, 2026 Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513...

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

AndyC 25 February 2026

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration Pierluigi Paganini February 24, 2026 Russia-linked APT28 targeted European entities with...

APT28 exploits Microsoft Office flaw in Operation Neusploit

AndyC 4 February 2026

APT28 exploits Microsoft Office flaw in Operation Neusploit Pierluigi Paganini February 03, 2026 Russia-linked APT28 is behind Operation Neusploit, exploiting...

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

AndyC 4 February 2026

Ravie LakshmananFeb 03, 2026Vulnerability / Malware The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to...

APT28

Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

APT28 conducts long-term espionage on Ukrainian forces using custom malware

Russian APT targets Ukraine with BadPaw and MeowMeow malware

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

APT28 exploits Microsoft Office flaw in Operation Neusploit

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

The calm before the ransom: What you see is not all there is

The calm before the ransom: What you see is not all there is

GopherWhisper: A burrow full of malware

GopherWhisper: A burrow full of malware

New NGate variant hides in a trojanized NFC payment app

New NGate variant hides in a trojanized NFC payment app

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed