<ul><li>CISA warns that Russia-linked APT28 is targeting Western logistics and technology companies aiding Ukraine, posing a heightened threat to supply chains.</li><li>APT28, also known as Fancy Bear, has been active since at least 2007 and has targeted governments, militaries, and security organizations globally, including the 2016 Presidential election.</li><li>The group operates from Russian military unit 26165 of GRU 85th Main Special Service Center, targeting Western logistics and tech firms linked to Ukraine aid across 13 countries using various tactics like spear-phishing and exploiting vulnerabilities.</li><li>GRU Unit 26165 used tactics such as spearphishing with fake login pages, exploiting Outlook and Roundcube vulnerabilities, deploying custom malware like HEADLACE and MASEPIE, and exfiltrating data using PowerShell and APIs, targeting Western logistics and IT sectors.</li></ul>

Russia-linked APT28 targets western logistics entities and technology firms

Discover more