APT28 Targets Government Agencies with BEARDSHELL and COVENANT

Red | Attack Report

APT28 (UAC-0001), a Russian state-linked group, targeted government agencies with a sophisticated cyberattack using spear-phishing emails to deliver malicious documents via Signal. The attack deployed BEARDSHELL and COVENANT malware, enabling remote access and data exfiltration through trusted cloud services. By leveraging fileless techniques and legitimate platforms, the attackers evaded detection and maintained persistent control over compromised systems. This campaign highlights the evolving tactics of APT28 in targeting critical government infrastructure.
