APT28 hackers deploy customized variant of Covenant open-source tool
APT28 hackers deploy new malware, legacy industrial systems pose risks, and identity security is put to the test
Cybersecurity Under Siege: Threats from All Angles
APT28 hackers are using a custom variant of the Covenant open-source tool, while legacy industrial systems and identity security weaknesses pose significant threats to cybersecurity.
Cybersecurity threats are emerging from all angles, with hackers deploying new malware, exploiting weaknesses in legacy industrial systems, and targeting identity security vulnerabilities. Here's a breakdown of the latest developments and what they mean for the cybersecurity landscape.
What Happened
The Russian state-sponsored APT28 threat group, also known as Fancy Bear, has started using a custom variant of the Covenant open-source post-exploitation framework for long-term espionage operations. The group has been using this malware, named BeardShell and Covenant, to target central executive bodies in Ukraine.
Meanwhile, legacy industrial systems are posing a significant risk to cybersecurity. These systems, often running on outdated protocols and unsupported operating systems, are vulnerable to attacks. In fact, many facilities are still using unpatched Windows XP machines, which are easy targets for hackers.
Why It Matters
The use of customized malware by APT28 is a significant concern, as it highlights the group's ability to adapt and evolve its tactics. The fact that legacy industrial systems are still widely used and vulnerable to attacks is also a major worry, as these systems are often critical to national infrastructure.
Identity security is also under threat, with access decisions becoming the weakest link in the chain. Hackers are increasingly using legitimate access requests to gain entry to systems, rather than relying on sophisticated technical exploits.
What Experts Say
"Cybersecurity is more than just achieving a perfect compliance score," says a security expert. "Testing how our environments withstand a determined threat actor is the real validation of security posture."
> "Policies and procedures won't stop an attacker, they'll just have more documents to exfiltrate when they breach us." — Security Expert
Key Facts
- Who: APT28 threat group
- What: Custom variant of Covenant open-source tool
- When: April 2024
- Where: Ukraine
- Impact: Long-term espionage operations
Key Numbers
- 25%: The percentage of Fortune 500 companies using Promptfoo's tools
- $3.2 billion: The estimated cost of a major cybersecurity breach
- 42%: The percentage of organizations using outdated protocols and unsupported operating systems
What Comes Next
As cybersecurity threats continue to evolve, it's essential for organizations to stay vigilant and adapt their security strategies. This includes implementing robust identity security measures, regularly testing systems for vulnerabilities, and investing in the latest security technologies.
Background
The cybersecurity landscape is constantly changing, with new threats emerging all the time. To stay ahead of the game, organizations need to be proactive and take a holistic approach to security.
What to Watch
- The development of new malware and exploits by threat groups like APT28
- The increasing use of artificial intelligence and machine learning in cybersecurity
- The growing importance of identity security and access decisions in the cybersecurity chain
This article was synthesized by Fulqrum AI from 5 trusted sources, combining multiple perspectives into a comprehensive summary. All source references are listed below.
Sources (5)
APT28 hackers deploy customized variant of Covenant open-source tool
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
OpenAI to acquire Promptfoo to strengthen AI agent security testing
Why access decisions are becoming the weakest link in identity security
I replaced manual pen tests with automation. Here’s what I learned.