"APT28 Hacker Group's Global Phishing Campaign Exposed"

APT28, a Russia-linked threat actor, has been conducting widespread phishing campaigns targeting organizations in Europe, the Americas, and Asia by using lure documents imitating government and non-governmental entities. The group, also known as ITG05, has been deploying various malware such as MASEPIE, OCEANMAP, and STEELHOOK to exfiltrate files, run arbitrary commands, and steal browser data. They have been leveraging security flaws in Microsoft Outlook and the "search-ms:" URI protocol handler in Microsoft Windows to trick victims into downloading malware. Additionally, they have been using compromised Ubiquiti routers to host their servers. The phishing attacks impersonate entities from multiple countries and utilize a mix of authentic publicly available government and non-government lure documents to activate the infection chains.
Read on The Hacker News