APT28 long-term espionage campaign targeting Ukrainian military personnel
Campaign
Summary
A sustained APT28 espionage campaign is using BEARDSHELL and COVENANT to surveil Ukrainian military personnel, extending access through cloud-based C2 and increasing the risk of prolonged intelligence collection. The activity has been observed since April 2024 and shows how the group is adapting its tooling to maintain covert operations. The campaign remains focused on selected targets in Ukraine rather than broad opportunistic victims.
Related Happenings
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities
Campaign
First: 14.05.2026 17:00
Last: 14.05.2026 17:00
Sources 1
About this happening:
The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...
ScarCruft sqgame[.]net supply-chain espionage campaign
Campaign
First: 05.05.2026 12:07
Last: 05.05.2026 12:07
Sources 1
About this happening:
**ScarCruft**'s **late-2024** supply-chain campaign against **sqgame[.]net** expanded a niche gaming platform compromise into a **multi-platform espionage channel**. The operation...
GopherWhisper China-aligned APT campaign targeting Mongolian government institutions
Campaign
First: 23.04.2026 12:04
Last: 23.04.2026 12:04
Sources 1
About this happening:
The **GopherWhisper** campaign is a **China-aligned APT operation** targeting **Mongolian governmental institutions**, and it now appears to extend beyond a single compromise to *...
APT28 BEARDSHELL and COVENANT surveillance activity against Ukrainian military personnel
Malware Activity
First: 10.03.2026 12:55
Last: 10.03.2026 12:55
Sources 1
How related:
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel.
About this happening:
The **APT28** operation has expanded into **BEARDSHELL** and **COVENANT** implants used for **long-term surveillance** of **Ukrainian military personnel**, indicating an active es...
Timeline
- 10.03.2026 12:55 2 articles · 2mo ago
APT28 long-term espionage campaign targeting Ukrainian military personnel
Initial Disclosure
Since **April 2024**, APT28 has been deploying **BEARDSHELL** and **COVENANT** against **Ukrainian military personnel** to establish long-term surveillance. Early activity centered on implant-based access and cloud services used for command-and-control.
- APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military — thehackernews.com — 10.03.2026 12:55