A look back at a malicious espionage campaign that targeted government organisations in Ukraine and Poland in the early 20th Century and may have been carried out by a threat actor known as APT28. HarfangLab identified additional malicious files and infrastructure which they believe with high confidence are part of the same campaign. The campaign targeted government organisations in at least Ukraine and Poland (and possibly Azerbaijan as well), started on 2023-12-13 at the latest, and abused legitimate Ubiquiti network devices as infrastructure. HarfangLab could not reliably link the described campaign with APT28 in particular.
