APT28 is one of Russia's longest-running APTs, with operations dating back to at least 2007. The group supports Russia's strategic operations against the U.S., countries of the former Soviet Union, Europe, and now Asia. These attacks mostly involve cyber crimes against the defense and military sectors of the targeted countries. To support Russia's national interests, APT28 compromises the targeted country's operations, steals their data, and then leaks it to its own government.
Going by the aliases Fancy Bear, Pawn Storm, Tsar Team, STRONTIUM, and Sofacy Group, APT28 carries out its attacks using spoofed websites and phishing emails containing malicious links.
A Ukrainian media company called UkrNet has been the victim of a massive credential phishing campaign. The attackers use newly created landing pages, such as Blogspot domains.
UNC1151, a Minsk-based threat group, has been targeting Ukrainian government officials and military personnel with mass phishing emails. Once an account is compromised, the attackers use the IMAP protocol to gain access to all of its messages. They then use contact details from the victim's address book to send further phishing emails.
Mustang Panda, although a Chinese group, has also been taking advantage of the Russian-Ukrainian cyber warfare, using the situation to deploy a piece of malware named Ukraine.exe.