Sednit Reloaded: Old Code, New Tricks [Ukraine]

They said Sednit had gone quiet. They were wrong. The old guard is back, dusting off ancient code for a fresh digital assault.

⚡ Key Takeaways

  • Sednit group, also known as APT28, has reactivated its advanced implant team.
  • New implants, BeardShell and Covenant, use cloud providers for resilience and C&C.
  • The group's modern toolkits show direct code lineage to their 2010-era implants.
  • SlimAgent, a keylogger deployed in Ukraine, is derived from the older Xagent backdoor.

Written by Kenji Nakamura

Japan-based security correspondent tracking NISC policy, Japanese enterprise breaches, and Asia-Pacific cyber espionage.

Originally reported by WeLiveSecurity (ESET)
