
APT28 Targets Energy and Defense Sectors Using Webmail and VPN Services
The Russian state-sponsored threat group APT28 has been observed targeting entities involved in energy research and defense collaboration. According to reporting from SecurityWeek, the attackers impersonate popular webmail and VPN services, including Microsoft Outlook Web Access (OWA), Google, and Sophos VPN portals, to conduct their operations.

The available information does not disclose specific technical details such as exploited vulnerabilities or indicators of compromise, but the focus on strategic sectors underscores the group's continued interest in high-value targets. The campaign also shows how advanced persistent threat (APT) groups continue to leverage trusted services to bypass security controls.

Organizations in the energy and defense sectors are advised to enhance their monitoring capabilities and scrutinize unusual activity associated with webmail and VPN access. Because the summary lacks detailed technical information, organizations need to remain vigilant and employ robust detection mechanisms to identify potential malicious activity.