APT28 (UAC-0001), a Russian state-linked group, targeted government agencies with a sophisticated cyberattack using spear-phishing emails to deliver malicious documents via Signal. The attack deployed BEARDSHELL and COVENANT malware, enabling remote access and data exfiltration through trusted cloud services. By leveraging fileless techniques and legitimate platforms, the attackers evaded detection and maintained persistent control over compromised systems. This campaign highlights the evolving tactics of APT28 in targeting critical government infrastructure.