Apt28 is a apt_group tracked across 50 threat clusters and 128 intelligence report mentions on ThreatCluster. First observed November 5, 2025; most recent activity July 16, 2026.
APT28 has actively exploited a zero-day vulnerability in MSHTML affecting all Windows versions, which has a CVSS score of 8.8. The vulnerability allows for security bypass and poses significant risks to users. A patch…
The FBI and partners disrupted a covert network of compromised TP-Link and MikroTik routers exploited by the Russian GRU (APT28) to steal Outlook credentials. This operation, known as Operation Masquerade, revealed that…
Russian state-backed hackers from APT28 are actively exploiting a high-severity stored cross-site scripting vulnerability (CVE-2025-66376) in the Zimbra Collaboration Suite (ZCS) to target Ukrainian government entities.…
A joint advisory from 21 global cybersecurity agencies warns that Russian state hackers from the FSB's Center 16 are exploiting poorly configured routers to infiltrate critical infrastructure networks worldwide. The…
A Russian state-linked advanced persistent threat (APT) has targeted a Ukrainian government agency through a cross-site scripting (XSS) vulnerability in the Zimbra Collaboration Suite, identified as CVE-2025-66376. The…
Two Russia-aligned cyber campaigns are exploiting the WinRAR vulnerability CVE-2025-8088 against Ukrainian targets nearly a year after it was patched. The flaw, a path traversal vulnerability, allows attackers to write…
The European Union has condemned and sanctioned Russia for a prolonged cyber espionage campaign targeting its member states. The campaign, orchestrated by the 16th Centre of the FSB, has involved infiltrating government…
Russian cyber group APT28, also known as Fancy Bear, has been exploiting vulnerabilities in TP-Link and MikroTik routers to conduct large-scale DNS hijacking operations. This campaign, which has affected over 18,000…
FamousSparrow, a China-aligned APT group, launched a multi-wave cyberespionage campaign against an Azerbaijani oil and gas company from late December 2025 to February 2026. The attackers employed an evolved DLL…
Bauman Moscow State Technical University is revealed to host a secret department training students for the GRU, Russia's military intelligence. Leaked documents show that over 2,000 students have been trained in…