Russia Articles

APT28 Deploys LAMEHUG: First Known Malware Using LLMs in Live Operations

Russia's APT28 has deployed LAMEHUG and PROMPTSTEAL malware that queries large language models via Hugging Face to dynamically generate attack commands, marking the first confirmed use of AI-powered malware in active cyber operations.

February 4, 2026 APT28 Russia AI

APT28 Exploits Microsoft Office Zero-Day in Operation Neusploit Targeting Ukraine

Russia's APT28 weaponized CVE-2026-21509 within three days of Microsoft's disclosure, deploying MiniDoor email stealers and PixyNetLoader against Ukraine, Slovakia, and Romania.

February 3, 2026 APT28 Russia zero-day

WinRAR Vulnerability Still Widely Exploited by Nation-State and Cybercrime Groups

CVE-2025-8088 (CVSS 8.8), a path traversal flaw abusing Windows Alternate Data Streams, continues to be exploited by Russian APTs, Chinese actors, and cybercriminals to achieve persistence via Startup folder drops.

February 2, 2026 WinRAR CVE-2025-8088 APT

Poland Repels Cyberattack on Power Grid, Attributes to Russia's Sandworm

Russia's Sandworm deployed DynoWiper malware against ~30 Polish energy facilities on December 29-30, 2025—the first major cyberattack targeting distributed energy resources. Some equipment was damaged beyond repair.

January 15, 2026 Poland Sandworm Russia

Russia's Fancy Bear APT Runs Low-Cost Credential Harvesting Campaign Against Global Targets

APT28 targets energy, defense, and policy organizations in Turkey, the Balkans, and Central Asia with phishing campaigns using legitimate PDFs from real think tanks and free hosting infrastructure.

January 9, 2026 APT Russia Fancy Bear