APT28 Targets Roundcube Vulnerabilities to Exploit Ukrainian Organizations
Category: Russia & Ukraine | Industries: Aviation, Government |
Source: Recorded Future
A collaborative threat monitoring effort from Ukraine's computer emergency response team (CERT-UA) and researchers affiliated with Recorded Future's Inskit Group has identified a spear phishing campaign attributed to APT28 (also known as Fancy Bear or BlueDelta). This campaign is traced to have been active since November 2021, and specifically targeted the Ukrainian government and an aviation organization operating within the country's military. Recorded Future assesses that the campaign is conducted to 'enable military intelligence-gathering to support Russia’s invasion of Ukraine."