APT28 Western Logistics Targeting
Multi-agency attributed APT28 campaign targeting Western logistics entities and technology companies coordinating foreign assistance to Ukraine. Includes compromise of internet-connected cameras near border crossings and transport hubs.
Start date
1 January 2024
End date
—
Techniques
17
Attributed actors
Techniques (17)
collection (1)
T1125 Video Capture
command-and-control (3)
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
T1090.003 Multi-hop Proxy
credential-access (1)
T1110.003 Password Spraying
defense-impairment (1)
T1070.001 Clear Windows Event Logs
discovery (3)
T1082 System Information Discovery
T1083 File and Directory Discovery
T1016 System Network Configuration Discovery
execution (2)
T1059.003 Windows Command Shell
T1059.001 PowerShell
exfiltration (1)
T1041 Exfiltration Over C2 Channel
initial-access (4)
T1566.002 Spearphishing Link
T1078 Valid Accounts
T1133 External Remote Services
T1566.001 Spearphishing Attachment
persistence (2)
T1078 Valid Accounts
T1133 External Remote Services
privilege-escalation (1)
T1078 Valid Accounts
stealth (2)
T1078 Valid Accounts
T1027 Obfuscated Files or Information
Indicators of compromise
No IOCs linked to this campaign yet.