APT 28, a Russian threat actor, used spear-phishing lures to gain a hold on Ukrainian government and military email servers and then attempted to expand access to the broader email network. The campaign has been active since at least November 2021.
- Agencies in the Ukrainian government and military who operate Roundcube email servers
Suspected state sponsor
- Russian Federation
Type of incident