APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
Summary
The Russian state-sponsored hacking group APT28 has been actively using two malware implants, BEARDSHELL and COVENANT, for ongoing espionage targeting Ukrainian military personnel. These implants have been in use since at least April 2024, according to ESET's research.
IFF Assessment
This is bad news for defenders: it highlights a sophisticated threat actor using advanced malware to conduct targeted espionage against a military force.
Defender Context
Defenders need to be aware of APT28's continued targeting of Ukraine and of the specific malware families the group is employing, BEARDSHELL and COVENANT. Monitoring for the TTPs (tactics, techniques, and procedures) associated with these implants and maintaining robust endpoint detection and response capabilities are crucial for mitigating such espionage campaigns.