APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
24 June 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT.
BEARDSHELL, per CERT-UA, is written in C++ and offers the ability to download and execute PowerShell scripts, as well as upload the results of the