Threat actor
APT28
Tracked by CyberSIXT since Apr 7, 2026 · last activity Jun 16, 2026
Linked incidents
Associated CVEs
Coverage timeline
-
GRU hackers use compromised routers to spy on UK officialsdti.domaintools.com · Jun 16, 2026
-
APT28’s PixyNetLoader uses PNG steganography to hide malwaresecurityonline.info · Jun 8, 2026
-
Polish water plants breached by Russian APT via weak passwordssecurityaffairs.com · May 8, 2026
-
AI Powered Scams Rise as Deepfake Calls Cost Firms Millionssocradar.io · May 4, 2026
-
CISA Flags Actively Exploited CVE-2024-1708 and Windows Flawthehackernews.com · Apr 29, 2026
-
Microsoft Warns of Active Exploit in CVE-2026-32202 Spoof Flawthehackernews.com · Apr 28, 2026
-
APT28 exploits Windows SmartScreen gap for zero click LNK attackswww.securityweek.com · Apr 27, 2026
-
RegPhantom Rootkit Lets Attackers Gain Kernel Access on Windowsthehackernews.com · Apr 13, 2026
-
Malicious npm Strapi Packages Spread Redis RCE and Steal Datasecurityaffairs.com · Apr 12, 2026
-
Trend Micro Exposes Fancy Bears Prismex Malware Targeting Ukrainewww.darkreading.com · Apr 9, 2026
-
APT28's Year Long Router Hijacking Campaign Exposes World Trafficwww.darkreading.com · Apr 9, 2026
-
Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tacticssecurityaffairs.com · Apr 8, 2026
-
APT28 Deploys New PRISMEX Malware Against Ukraine and NATO Alliesthehackernews.com · Apr 8, 2026
-
UK warns Russian hackers hijack home routers for spyingwww.malwarebytes.com · Apr 8, 2026
-
APT28 hijacks routers worldwide to steal passwords via DNS attackdatabreaches.net · Apr 8, 2026
-
Russian APT28 hijacks home routers to steal credentialsarstechnica.com · Apr 8, 2026
-
US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijackingwww.securityweek.com · Apr 8, 2026
-
US and FBI shut down Russian hackers' router hijacking networkwww.infosecurity-magazine.com · Apr 8, 2026
-
APT28 hijacks routers worldwide in DNS based FrostArmada campaignthehackernews.com · Apr 7, 2026
-
APT28 exploits SOHO routers via CVE‑2023‑50224 to steal credentialswww.infosecurity-magazine.com · Apr 7, 2026
-
Forest Blizzard hijacks routers to spy via AI enabled DNS attackswww.microsoft.com · Apr 7, 2026
-
NCSC Warns Russian APT28 Hijacks Routers for DNS Attackswww.ncsc.gov.uk · Apr 7, 2026
-
APT28 exploits routers to redirect DNS, stealing credentialswww.ncsc.gov.uk · Apr 7, 2026