Originally reported by Security Affairs, The Record
TL;DR
Russian APT28 has been conducting extensive surveillance of Ukrainian military personnel since April 2024 using custom malware. Meanwhile, Finnish intelligence reports persistent cyber espionage from Russia and China targeting government and technology sectors.
Active APT28 espionage campaign against Ukrainian military represents ongoing nation-state threat with significant geopolitical implications during wartime operations.
Nation-state actors continue aggressive cyber operations across multiple theaters, with Russian APT28 maintaining sustained surveillance operations against Ukrainian forces while broader espionage campaigns target Western infrastructure and technology sectors.
ESET researchers have documented an ongoing APT28 campaign targeting Ukrainian military personnel that began in April 2024. The Russian intelligence-linked group, also tracked as UAC-0001, Fancy Bear, and STRONTIUM, deployed the custom BEARDSHELL backdoor alongside the open-source Covenant command-and-control framework for persistent surveillance operations.
The campaign demonstrates APT28's continued focus on intelligence collection against Ukrainian defense capabilities during the ongoing conflict. The use of custom tooling indicates sustained resource allocation for these operations, suggesting the intelligence value of Ukrainian military communications remains a high priority for Russian cyber units.
Salesforce's Customer Security Operations Center has observed threat actors conducting mass scans of publicly accessible Experience Cloud sites using a modified version of AuraInspector. The tool, originally developed by Google/Mandiant for security auditing, has been weaponized to identify misconfigurations that could expose sensitive customer data.
The campaign represents a shift toward targeting cloud-based business platforms where organizations store critical customer and operational data. The systematic nature of the scanning suggests either nation-state actors or sophisticated criminal groups seeking high-value intelligence across multiple organizations simultaneously.
The Senate confirmed General Rudd as the dual-hat leader of NSA and U.S. Cyber Command by a 71-29 vote, ending a nearly year-long vacancy in these critical positions. Rudd assumes leadership as foreign adversaries intensify cyber operations against U.S. infrastructure while the administration pursues federal workforce reductions.
The confirmation provides continuity for defensive and offensive cyber operations at a time when both agencies face increasing operational tempo against state-sponsored threats. The dual-hat structure maintains unified command over signals intelligence and military cyber operations.
Finland's intelligence services report that cyber espionage remains the country's most significant digital security threat, with Russian and Chinese actors persistently targeting government systems, research institutions, and advanced technology companies.
The intelligence assessment reflects Finland's strategic position following NATO accession and its advanced technology sector's attractiveness to foreign intelligence services. The persistent nature of these operations suggests long-term strategic intelligence collection rather than opportunistic attacks.
CISA has shortened federal agencies' deadline to patch CVE-2025-26399, a critical unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk, requiring remediation by Thursday. The accelerated timeline suggests either confirmed exploitation or threat intelligence indicating imminent active targeting.
The expedited patching requirement for SolarWinds products reflects continued sensitivity around the vendor following the 2020 supply chain compromise. Federal agencies must balance rapid remediation with operational continuity for help desk systems.