APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
Briefly

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new cyber attacks orchestrated by the Russia-linked APT28. The campaigns use Signal chat messages to distribute two malware families named BEARDSHELL and COVENANT. BEARDSHELL, written in C++, can execute PowerShell scripts and communicate with remote servers. The threats were first detected in early 2024 and have since evolved, exploiting vulnerabilities in various webmail services. The new infection method involves a macro-laden Microsoft Word document designed to deliver payloads that compromise systems and maintain persistent access through Windows Registry modifications.
The new campaign from Russia-linked APT28 targets Ukraine, using Signal chat messages to deliver the BEARDSHELL and COVENANT malware families, which highlights the group's advanced tactics.
CERT-UA's findings indicate that BEARDSHELL is capable of executing scripts remotely while COVENANT serves as an important component in the malware framework deployed by APT28.
Read at The Hacker News