APT28 is using increasingly sophisticated techniques in attacks against military entities, including steganography and COM hijacking for stealthy persistence. The group uses tools like Covenant and a custom backdoor, BeardShell, alongside legitimate cloud services for command and control and data theft. The upgraded campaign shows significant technical advancement and adaptability, which makes detection more challenging.
Latest mentioned: 09-16
Earliest mentioned: 09-12