Russian APT28 has carried out a campaign against defense entities in Europe.
Russian state-sponsored actor APT28 has been conducting credential-harvesting campaigns against individuals in energy research, defense collaboration, and government communications across Turkey, Europe, North Macedonia, and Uzbekistan. The group used phishing pages mimicking Microsoft OWA, Google, and Sophos VPN portals to steal credentials before redirecting victims to legitimate sites to avoid detection. The operations relied heavily on free hosting/tunneling services like Webhook.site, InfinityFree, Byet Internet Services, and ngrok to deploy disposable infrastructure.
Read more:
https://www.securityweek.com/russias-apt28-targeting-energy-research-defense-collaboration-entities/