<ul data-eligibleForWebStory="true"><li>Russia-linked cyberespionage group APT28 uses Signal chats to target Ukrainian officials with BeardShell and SlimAgent malware.</li><li>BeardShell and SlimAgent are advanced malware tools leveraging encryption and cloud services to avoid detection.</li><li>In March–April 2024, Ukrainian authorities discovered BeardShell and SlimAgent in a central executive body's system.</li><li>ESET researchers found unauthorized access to a Ukrainian government email account with malware linked to COVENANT and BeardShell.</li><li>Attackers used a malicious macro in a document delivered via Signal to initiate the attack.</li><li>The macro ultimately executed the COVENANT malware and activated the BeardShell backdoor.</li><li>Recommendations include monitoring network traffic to specific domains.</li><li>The report provides indicators of compromise for this threat.</li></ul>

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Discover more