Threat Research

    APT28, a Russian state-sponsored threat group also known as Fancy Bear or UAC-0001, is conducting a sophisticated espionage campaign against European military and government entities. The operation primarily targets maritime and transportation organizations in Poland, Slovenia, Turkey, Greece, the UAE, and Ukraine....
    In January 2026, an in-the-wild campaign dubbed Operation Neusploit was uncovered targeting Central and Eastern Europe. The attackers used malicious Microsoft RTF files to exploit CVE-2026-21509 and deploy backdoors via a multi-stage infection chain....
    The Gonepostal malware has been observed in an espionage campaign linked to KTA007 (aka Fancy Bear/APT28), a Russian state-sponsored group tied to GRU Unit 26165. The malware consists of a dropper DLL and a password-protected Outlook macro file (VbaProject.OTM) that enables backdoor access via email-based C2....