Russia-Linked APT28 Strikes Again: Signal Chats Used as Malware Delivery to Dupe Ukrainian Officials!

Russia-linked APT28 targets Ukrainian officials by using Signal chats as a delivery method for malware, aiming to make phishing attempts more convincing. The new malware strains, BeardShell and SlimAgent, are stealthy, utilize strong encryption, and exploit legitimate cloud services to avoid detection, showcasing modern cyberespionage tactics.

Hot Take:

When it comes to cyber warfare, APT28 seems to be the James Bond of the hacking world – suave, innovative, and always one step ahead. This time, their weapon of choice is the ultra-cool Signal app, turning it into an unexpected Trojan horse. Who knew that your group chat could turn into a group hack?

Key Points:

– Russian cyberespionage group APT28 targets Ukrainian officials using Signal chats.
– Two new malware strains, BeardShell and SlimAgent, are involved in the attack.
– Malware exploits legitimate cloud services for stealth and uses strong encryption.
– The attack uses a malicious macro to execute COVENANT and BEARDSHELL malware.
– CERT-UA recommends monitoring specific network traffic for detection.

The Nimble Nerd