APT28 long-term espionage campaign targeting Ukrainian military personnel
Campaign
Summary
Hide ▲
Show ▼
A sustained APT28 espionage campaign is using BEARDSHELL and COVENANT to surveil Ukrainian military personnel, extending access through cloud-based C2 and increasing the risk of prolonged intelligence collection. The activity has been observed since April 2024 and shows how the group is adapting its tooling to maintain covert operations. The campaign remains focused on selected targets in Ukraine rather than broad opportunistic victims.
Related Happenings
FishMonger multi-country government espionage campaign
Campaign
H score33
First: 16.06.2026 17:30
Last: 16.06.2026 17:30
Sources 1
About this happening:
**FishMonger** ran a **multi-country espionage campaign** against **government bodies** in **Honduras, Taiwan, Thailand and Pakistan** across **2023 and 2024**. The activity point...
FishMonger multi-country government espionage campaign
CampaignAbout this happening: **FishMonger** ran a **multi-country espionage campaign** against **government bodies** in **Honduras, Taiwan, Thailand and Pakistan** across **2023 and 2024**. The activity point...
Earth Lusca Operation FishMedley espionage campaign
Campaign
H score38
First: 16.06.2026 12:44
Last: 16.06.2026 12:44
Sources 1
About this happening:
A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
Earth Lusca Operation FishMedley espionage campaign
CampaignAbout this happening: A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...
OceanLotus SPECTRALVIPER campaigns targeting Vietnam
Campaign
H score33
First: 11.06.2026 12:45
Last: 11.06.2026 12:45
Sources 1
About this happening:
**OceanLotus** expanded its **Vietnam-focused espionage operations** with two attributed campaigns using **SPECTRALVIPER**, broadening risk to a **Vietnamese infrastructure and tr...
OceanLotus SPECTRALVIPER campaigns targeting Vietnam
CampaignAbout this happening: **OceanLotus** expanded its **Vietnam-focused espionage operations** with two attributed campaigns using **SPECTRALVIPER**, broadening risk to a **Vietnamese infrastructure and tr...
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
H score38
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm multi-country targeting campaign against government and enterprise victims
CampaignAbout this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities
Campaign
H score50
First: 14.05.2026 17:00
Last: 14.05.2026 17:00
Sources 1
About this happening:
The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...
Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities
CampaignAbout this happening: The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...
Timeline
-
10.03.2026 12:55 2 articles · 4mo ago
APT28 long-term espionage campaign targeting Ukrainian military personnel
Initial DisclosureSince **April 2024**, APT28 has been deploying **BEARDSHELL** and **COVENANT** against **Ukrainian military personnel** to establish long-term surveillance. Early activity centered on implant-based access and cloud services used for command-and-control.
Show sources
- APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military — thehackernews.com — 10.03.2026 12:55
- APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military — thehackernews.com — 10.03.2026 12:55