ESET researchers have identified a resurgence of the Sednit (APT28) group using a dual-implant toolkit consisting of BeardShell and Covenant, which leverages separate cloud providers for operational resilience to conduct sustained surveillance. This threat has been actively targeting Ukrainian military personnel since at least April 2024. The Sednit group is attributed to Russia's GRU Unit 26165.
ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate cloud provider to ensure operational resilience. This dual-implant architecture has enabled sustained surveillance of Ukrainian military personnel since at least April 2024. The Sednit group itself was tied to Unit 26165 of the GRU by the US Department of Justice in 2016, identifying it as part of Russia’s Main Intelligence … More → The post This spy tool has been quietly stealing data for years appeared first on Help Net Security .