Find notable cyber news and cases, enriched with sources, timelines, and signals.

APT28 credential-harvesting campaign against energy and regional targets

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

APT28 (BlueDelta) ran a credential-harvesting campaign that targeted a Turkish energy and nuclear research agency, a European think tank, and organizations in North Macedonia and Uzbekistan. The activity created a risk of credential theft for sensitive regional organizations and used fake Microsoft OWA, Google, and Sophos VPN pages to capture logins. The operation appeared in February and September 2025 and was tailored with Turkish-language lure material.

Related Happenings

GREYVIBE's Kremlin-aligned role in the Russian cybercrime ecosystem

Threat Actor Meta
H score15 First: 29.05.2026 14:31 Last: 29.05.2026 14:31 Sources 1

About this happening: A newly characterized **GREYVIBE** actor sits in a **grey zone** between **Kremlin-aligned intelligence work** and the **Russian cybercrime ecosystem**, complicating attribution f...

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
H score39 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...

Webworm expanded European government and South Africa university espionage campaign

Campaign
H score24 First: 20.05.2026 14:30 Last: 20.05.2026 14:30 Sources 1

About this happening: Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...

Bitter Middle East spear-phishing campaign targeting civil society figures

Campaign
H score28 First: 09.04.2026 13:45 Last: 09.04.2026 13:45 Sources 1

About this happening: A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...

TA416 European government espionage campaign

Campaign
H score32 First: 01.04.2026 15:05 Last: 01.04.2026 15:05 Sources 1

About this happening: TA416 has resumed **cyber espionage** activity, targeting **European governments** and **EU/NATO diplomatic missions** with a renewed malware-delivery operation that raises cross-...

Latest development: 03.04.2026 20:34

TA416 expanded its espionage campaign to Middle Eastern government and diplomatic entities after the outbreak of the U.S.-Israel-Iran conflict in late February 2026, while linking to archives hosted on Google Drive or a compromised SharePoint instance to refine its PlugX delivery chain and collect regional intelligence.

Timeline