Targeting of Ukrainian email servers
Date of report
  • June 2023
APT 28, a Russian threat actor, used spear-phishing lures to gain a hold on Ukrainian government and military email servers and then attempted to expand access to the broader email network. The campaign has been active since at least November 2021.
Suspected victims
  • Agencies in the Ukrainian government and military who operate Roundcube email servers
Suspected state sponsor
  • Russian Federation
Type of incident
  • Espionage
Target category
  • Government
  • Military
Victim government reaction
  • Unknown
Policy response
Suspected state sponsor response