APT28, a Russian state-sponsored hacking group, has been using Signal chats to target Ukrainian government entities with new malware families, BeardShell and SlimAgent. The attacks use phishing to deliver malicious documents that exploit Windows vulnerabilities, allowing for data exfiltration and unauthorized access to sensitive information. CERT-UA has identified this activity, underscoring the need for vigilance against threats linked to the use of Signal.
Researchers have identified "Lamehug," the first AI-powered malware associated with Russia's APT28 group, which is designed to enhance its evasion techniques and operational effectiveness. The malware leverages artificial intelligence to adapt and optimize its behavior, posing new challenges for cybersecurity defenses. The findings highlight the increasing sophistication of state-sponsored cyber threats.