Skip to article
Security Alert
Emergent Story mode

Now reading

Overview

1 / 13 3 min 5 sources Multi-Source
Sources

Story mode

Security AlertMulti-Source8 sections

APT28 hackers deploy customized variant of Covenant open-source tool

APT28 hackers deploy new malware, legacy industrial systems pose risks, and identity security is put to the test

Read
3 min
Sources
5 sources
Domains
2
Sections
8

Cybersecurity threats are emerging from all angles, with hackers deploying new malware, exploiting weaknesses in legacy industrial systems, and targeting identity security vulnerabilities. Here's a breakdown of the...

Story state
Deep multi-angle story
Evidence
What Happened
Coverage
8 reporting sections
Next focus
What to Watch

Story step 1

Multi-Source

What Happened

The Russian state-sponsored APT28 threat group, also known as Fancy Bear, has started using a custom variant of the Covenant open-source...

Step
1 / 8

The Russian state-sponsored APT28 threat group, also known as Fancy Bear, has started using a custom variant of the Covenant open-source post-exploitation framework for long-term espionage operations. The group has been using this malware, named BeardShell and Covenant, to target central executive bodies in Ukraine.

Meanwhile, legacy industrial systems are posing a significant risk to cybersecurity. These systems, often running on outdated protocols and unsupported operating systems, are vulnerable to attacks. In fact, many facilities are still using unpatched Windows XP machines, which are easy targets for hackers.

Continue in the field

Focused storyNearby context

Open the live map from this story.

Carry this article into the map as a focused origin point, then widen into nearby reporting.

Leave the article stream and continue in live map mode with this story pinned as your origin point.

  • Open the map already centered on this story.
  • See what nearby reporting is clustering around the same geography.
  • Jump back to the article whenever you want the original thread.
Open live map mode

Story step 2

Multi-Source

Why It Matters

The use of customized malware by APT28 is a significant concern, as it highlights the group's ability to adapt and evolve its tactics. The fact that...

Step
2 / 8

The use of customized malware by APT28 is a significant concern, as it highlights the group's ability to adapt and evolve its tactics. The fact that legacy industrial systems are still widely used and vulnerable to attacks is also a major worry, as these systems are often critical to national infrastructure.

Identity security is also under threat, with access decisions becoming the weakest link in the chain. Hackers are increasingly using legitimate access requests to gain entry to systems, rather than relying on sophisticated technical exploits.

Story step 3

Multi-Source

What Experts Say

Cybersecurity is more than just achieving a perfect compliance score," says a security expert. "Testing how our environments withstand a determined...

Step
3 / 8
"Cybersecurity is more than just achieving a perfect compliance score," says a security expert. "Testing how our environments withstand a determined threat actor is the real validation of security posture."
"Policies and procedures won't stop an attacker, they'll just have more documents to exfiltrate when they breach us." — Security Expert

Story step 4

Multi-Source

Key Facts

Who: APT28 threat group What: Custom variant of Covenant open-source tool

Step
4 / 8
  • Who: APT28 threat group
  • What: Custom variant of Covenant open-source tool

Story step 5

Multi-Source

Key Numbers

25%: The percentage of Fortune 500 companies using Promptfoo's tools 42%: The percentage of organizations using outdated protocols and unsupported...

Step
5 / 8
  • 25%: The percentage of Fortune 500 companies using Promptfoo's tools
  • 42%: The percentage of organizations using outdated protocols and unsupported operating systems

Story step 6

Multi-Source

What Comes Next

As cybersecurity threats continue to evolve, it's essential for organizations to stay vigilant and adapt their security strategies. This includes...

Step
6 / 8

As cybersecurity threats continue to evolve, it's essential for organizations to stay vigilant and adapt their security strategies. This includes implementing robust identity security measures, regularly testing systems for vulnerabilities, and investing in the latest security technologies.

Story step 7

Multi-Source

Background

The cybersecurity landscape is constantly changing, with new threats emerging all the time. To stay ahead of the game, organizations need to be...

Step
7 / 8

The cybersecurity landscape is constantly changing, with new threats emerging all the time. To stay ahead of the game, organizations need to be proactive and take a holistic approach to security.

Story step 8

Multi-Source

What to Watch

The development of new malware and exploits by threat groups like APT28 The increasing use of artificial intelligence and machine learning in...

Step
8 / 8
  • The development of new malware and exploits by threat groups like APT28
  • The increasing use of artificial intelligence and machine learning in cybersecurity
  • The growing importance of identity security and access decisions in the cybersecurity chain

Source bench

Multi-Source

5 cited references across 2 linked domains.

References
5
Domains
2

5 cited references across 2 linked domains.

  1. Source 1 · Fulqrum Sources

    APT28 hackers deploy customized variant of Covenant open-source tool

  2. Source 2 · Fulqrum Sources

    The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

  3. Source 3 · Fulqrum Sources

    OpenAI to acquire Promptfoo to strengthen AI agent security testing

  4. Source 4 · Fulqrum Sources

    Why access decisions are becoming the weakest link in identity security

Open source workbench

Keep reporting

ContradictionsEvent arcNarrative drift

Open the deeper evidence boards.

Take the mobile reel into contradictions, event arcs, narrative drift, and the full source workspace.

  • Scan the cited sources and coverage bench first.
  • Open contradiction and narrative drift checks after the first read.
  • Revisit the core evidence in What Happened.
Open evidence boards

Stay in the reporting trail

Open the evidence boards, source bench, and related analysis.

Jump from the app-style read into the deeper workbench without losing your place in the story.

Open source workbenchBack to Security Alert
🔒 Security Alert

APT28 hackers deploy customized variant of Covenant open-source tool

APT28 hackers deploy new malware, legacy industrial systems pose risks, and identity security is put to the test

By Emergent News Desk

Wednesday, March 11, 2026 • 3 min read • 5 source references

  • 3 min read
  • 5 source references

Cybersecurity threats are emerging from all angles, with hackers deploying new malware, exploiting weaknesses in legacy industrial systems, and targeting identity security vulnerabilities. Here's a breakdown of the latest developments and what they mean for the cybersecurity landscape.

Story pulse
Story state
Deep multi-angle story
Evidence
What Happened
Coverage
8 reporting sections
Next focus
What to Watch

What Happened

The Russian state-sponsored APT28 threat group, also known as Fancy Bear, has started using a custom variant of the Covenant open-source post-exploitation framework for long-term espionage operations. The group has been using this malware, named BeardShell and Covenant, to target central executive bodies in Ukraine.

Meanwhile, legacy industrial systems are posing a significant risk to cybersecurity. These systems, often running on outdated protocols and unsupported operating systems, are vulnerable to attacks. In fact, many facilities are still using unpatched Windows XP machines, which are easy targets for hackers.

Why It Matters

The use of customized malware by APT28 is a significant concern, as it highlights the group's ability to adapt and evolve its tactics. The fact that legacy industrial systems are still widely used and vulnerable to attacks is also a major worry, as these systems are often critical to national infrastructure.

Identity security is also under threat, with access decisions becoming the weakest link in the chain. Hackers are increasingly using legitimate access requests to gain entry to systems, rather than relying on sophisticated technical exploits.

What Experts Say

"Cybersecurity is more than just achieving a perfect compliance score," says a security expert. "Testing how our environments withstand a determined threat actor is the real validation of security posture."
"Policies and procedures won't stop an attacker, they'll just have more documents to exfiltrate when they breach us." — Security Expert

Key Facts

  • Who: APT28 threat group
  • What: Custom variant of Covenant open-source tool

Key Numbers

  • 25%: The percentage of Fortune 500 companies using Promptfoo's tools
  • 42%: The percentage of organizations using outdated protocols and unsupported operating systems

What Comes Next

As cybersecurity threats continue to evolve, it's essential for organizations to stay vigilant and adapt their security strategies. This includes implementing robust identity security measures, regularly testing systems for vulnerabilities, and investing in the latest security technologies.

Background

The cybersecurity landscape is constantly changing, with new threats emerging all the time. To stay ahead of the game, organizations need to be proactive and take a holistic approach to security.

What to Watch

  • The development of new malware and exploits by threat groups like APT28
  • The increasing use of artificial intelligence and machine learning in cybersecurity
  • The growing importance of identity security and access decisions in the cybersecurity chain

Coverage tools

Sources, context, and related analysis

Visual reasoning

How this briefing, its evidence bench, and the next verification path fit together

A server-rendered QWIKR board that keeps the article legible while showing the logic of the current read, the attached source bench, and the next high-value reporting move.

Cited sources

0

Reasoning nodes

3

Routed paths

2

Next checks

1

Reasoning map

From briefing to evidence to next verification move

SSR · qwikr-flow

Story geography

Where this reporting sits on the map

Use the map-native view to understand what is happening near this story and what adjacent reporting is clustering around the same geography.

Geo context
0.00° N · 0.00° E Mapped story

This story is geotagged, but the nearby reporting bench is still warming up.

Continue in live map mode

Coverage at a Glance

5 sources

Compare coverage, inspect perspective spread, and open primary references side by side.

Linked Sources

5

Distinct Outlets

2

Viewpoint Center

Not enough mapped outlets

Outlet Diversity

Very Narrow
0 sources with viewpoint mapping 0 higher-credibility sources
Coverage is still narrow. Treat this as an early map and cross-check additional primary reporting.

Coverage Gaps to Watch

  • Thin mapped perspectives

    Most sources do not have mapped perspective data yet, so viewpoint spread is still uncertain.

  • No high-credibility anchors

    No source in this set reaches the high-credibility threshold. Cross-check with stronger primary reporting.

Read Across More Angles

Check the live asymmetry watch

Frontier can tell you whether this story’s lane is thin, transport-monoculture, or missing stronger anchors right now.

Open frontier →

Audit how this story fits your mix

Reader Lens now tracks source-dossier and lane visits, so you can see whether this story expands your overall reading behavior or reinforces a rut.

Open Reader Lens →

Source-by-Source View

Search by outlet or domain, then filter by credibility, viewpoint mapping, or the most-cited lane.

Showing 5 of 5 cited sources with links.

Unmapped Perspective (5)

bleepingcomputer.com

APT28 hackers deploy customized variant of Covenant open-source tool

Open

bleepingcomputer.com

Unmapped bias Credibility unknown Dossier
csoonline.com

The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

Open

csoonline.com

Unmapped bias Credibility unknown Dossier
csoonline.com

OpenAI to acquire Promptfoo to strengthen AI agent security testing

Open

csoonline.com

Unmapped bias Credibility unknown Dossier
csoonline.com

Why access decisions are becoming the weakest link in identity security

Open

csoonline.com

Unmapped bias Credibility unknown Dossier
csoonline.com

I replaced manual pen tests with automation. Here’s what I learned.

Open

csoonline.com

Unmapped bias Credibility unknown Dossier
Fact-checked Real-time synthesis Bias-reduced

This article was synthesized by Fulqrum AI from 5 trusted sources, combining multiple perspectives into a comprehensive summary. All source references are listed below.