Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

APT28 Targets 13 Nations in Cyber Espionage

December 13, 2023
Reading Time: 3 mins read
in Alerts
APT28 Targets 13 Nations in Cyber Espionage

Russian threat actor APT28, also known as ITG05, has been identified in an ongoing cyber espionage campaign targeting entities in at least 13 nations. Tracked by IBM X-Force as ITG05, the group has employed lures related to the Israel-Hamas conflict to deliver a custom backdoor named HeadLace. The campaign’s focus is on European entities with influence over humanitarian aid allocation, employing decoys associated with organizations like the United Nations, the Bank of Israel, the U.S. Congressional Research Service, and the European Parliament.

The infrastructure of ITG05 ensures that only targets from a specific country can receive the malware, indicating a highly targeted approach. Countries affected by the campaign include Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia, and Romania. The threat actor utilizes authentic documents created by academic, finance, and diplomatic centers to facilitate the attacks. This marks a deviation from previous activities and suggests an increased emphasis on a unique target audience involved in emerging policy creation, especially in the realm of global foreign policy centers.

The disclosure of this cyber espionage campaign follows recent reports from Microsoft, Palo Alto Networks Unit 42, and Proofpoint, highlighting APT28’s exploitation of a critical security flaw in Microsoft Outlook (CVE-2023-23397). In that case, the threat actor gained unauthorized access to victims’ accounts within Exchange servers. The use of official documents as lures by ITG05 signifies a strategic shift and indicates the group’s interest in obtaining advanced insight into critical dynamics surrounding the international community’s approach to competing priorities for security and humanitarian assistance. This campaign underscores the persistent and evolving threat posed by nation-state actors engaging in cyber espionage activities with geopolitical motivations.

Reference:
  • ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware
Tags: APT28AustraliaAzerbaijanBelgiumCozy BearCyber AlertCyber Alerts 2023cyber espionageCyber RiskDecember 2023GermanyHungaryItalyKazakhstanLatviaMicrosoftPolandRomaniaSaudi ArabiaTürkiyeUkraine
ADVERTISEMENT

Related Posts

MixShell Hts US Supply Chain Firms

MixShell Hts US Supply Chain Firms

August 27, 2025
MixShell Hts US Supply Chain Firms

AI Attack Hides Prompts In Images

August 27, 2025
MixShell Hts US Supply Chain Firms

WhatsApp Desktop Code Execution Risk

August 27, 2025
Fake CoinMarketCap Journalists Scam

Fake CoinMarketCap Journalists Scam

August 26, 2025
Fake CoinMarketCap Journalists Scam

Malicious Apps Removed from Google Play

August 26, 2025
Fake CoinMarketCap Journalists Scam

AI Browsers Pose Prompt Injection Risk

August 26, 2025

Latest Alerts

MixShell Hts US Supply Chain Firms

AI Attack Hides Prompts In Images

WhatsApp Desktop Code Execution Risk

Malicious Apps Removed from Google Play

Fake CoinMarketCap Journalists Scam

AI Browsers Pose Prompt Injection Risk

Subscribe to our newsletter

    Latest Incidents

    Auchan Retailer Reports Data Breach

    NJ Social Services Reports Data Breach

    Salesloft Breach Exposes OAuth Tokens

    Farmers Insurance Cyberattack Hits 1M

    Arch Linux Hit by Ongoing DDoS Attack

    Hackers Disrupt Iran Merchant Fleet Again

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial