Key Findings APT28, a Russian state-sponsored hacking group, has been observed using a pair of custom malware implants called BEARDSHELL and COVENANT for long-term surveillance of Ukrainian military personnel since April 2024. The malware families showcase the group's continued capabilities in developing advanced custom tools for espionage operations. BEARDSHELL is a C++ backdoor that downloads and executes PowerShell scripts, sending results via the Icedrive cloud storage se
