APT28, a notorious Russian threat actor, has been attributed to a “sustained” credential-harvesting campaign targeting users of UKR[.]net, a popular webmail and news service in Ukraine. The operation was observed by Recorded Future’s Insikt Group over an extended period, showcasing the persistent targeting of specific user bases.
Campaign Details Observed by Recorded Future
Recorded Future’s Insikt Group meticulously tracked the group’s activities from June 2024 to April 2025. This timeline underscores APT28’s persistent focus on UKR[.]net, leveraging the service’s popularity among Ukrainian users for their cyber espionage activities.
Tactics, Techniques, and Procedures Employed by APT28
APT28 employed sophisticated tactics characteristic of advanced persistent threats. The campaign involved deploying malware aimed at stealing the credentials of UKR[.]net users. This level of sophistication highlights APT28’s operational capabilities and its focus on high-value targets.
Implications for Cybersecurity Strategy
The observed recurrence and persistence of such campaigns emphasize the need for improved security measures. Organizations and individuals utilizing platforms such as UKR[.]net are urged to bolster their cybersecurity postures by implementing measures like multi-factor authentication (MFA) and participating in continuous security awareness training.
Recorded Future’s Prior Findings and Impact
The recent findings provide continuity with Recorded Future’s May 2024 report, illustrating an ongoing threat landscape in which APT28 adapts and sustains its efforts over time. These continued observations point to a refined operational approach aimed at evading detection while achieving the group’s objectives.
APT28’s focus on credential harvesting from UKR[.]net users serves as a critical reminder of the evolving threat vectors posed by state-sponsored actors. Security professionals must remain vigilant and proactive in detecting and mitigating such persistent threats to safeguard sensitive information.