Post #8080

⚠️ State-linked APT28 targeted UKR-net with sustained credential harvesting from mid-2024 to 2025. 🕵️‍♂️ Fake UKR-net login pages hosted on Mocky and relayed via ngrok and Serveo captured credentials and 2FA codes. Phishing PDFs and URL shorteners helped evade filters, showing infrastructure adapted to resist disruption. 🔗 Read campaign details here → https://thehackernews.com/2025/12/apt28-targets-ukrainian-ukr-net-users.html