The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, a webmail and news service popular in Ukraine.
The activity, observed by Recorded Future's Insikt Group between June 2024 and April 2025, builds upon prior findings from the cybersecurity company in May 2024 that



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/12/apt28-targets-ukrainian-ukr-net-users.html