Find notable cyber news and cases, enriched with sources, timelines, and signals.

APT28 long-term espionage campaign targeting Ukrainian military personnel

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

A sustained APT28 espionage campaign is using BEARDSHELL and COVENANT to surveil Ukrainian military personnel, extending access through cloud-based C2 and increasing the risk of prolonged intelligence collection. The activity has been observed since April 2024 and shows how the group is adapting its tooling to maintain covert operations. The campaign remains focused on selected targets in Ukraine rather than broad opportunistic victims.

Related Happenings

FishMonger multi-country government espionage campaign

Campaign
H score33 First: 16.06.2026 17:30 Last: 16.06.2026 17:30 Sources 1

About this happening: **FishMonger** ran a **multi-country espionage campaign** against **government bodies** in **Honduras, Taiwan, Thailand and Pakistan** across **2023 and 2024**. The activity point...

Earth Lusca Operation FishMedley espionage campaign

Campaign
H score38 First: 16.06.2026 12:44 Last: 16.06.2026 12:44 Sources 1

About this happening: A **multi-country espionage campaign** tied to **Earth Lusca / FishMonger** is now linked to **Operation FishMedley**, a **January–October 2022** effort that reached **seven organ...

OceanLotus SPECTRALVIPER campaigns targeting Vietnam

Campaign
H score33 First: 11.06.2026 12:45 Last: 11.06.2026 12:45 Sources 1

About this happening: **OceanLotus** expanded its **Vietnam-focused espionage operations** with two attributed campaigns using **SPECTRALVIPER**, broadening risk to a **Vietnamese infrastructure and tr...

Webworm multi-country targeting campaign against government and enterprise victims

Campaign
H score38 First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...

Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities

Campaign
H score50 First: 14.05.2026 17:00 Last: 14.05.2026 17:00 Sources 1

About this happening: The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...

Timeline

  1. 10.03.2026 12:55 2 articles · 4mo ago

    APT28 long-term espionage campaign targeting Ukrainian military personnel

    Initial Disclosure

    Since **April 2024**, APT28 has been deploying **BEARDSHELL** and **COVENANT** against **Ukrainian military personnel** to establish long-term surveillance. Early activity centered on implant-based access and cloud services used for command-and-control.

    Show sources