Threat of the Week: Operation RoundPress
Advanced DNS intelligence on APT28’s stealth campaign targeting government infrastructure via WhoisXML API. Download the full report ->>
https://lnkd.in/exgNdEkQ
The Backstory: #APT28 reportedly exploited CVE-2025-32433 and CVE-2024-42009 to infiltrate government webmail servers in a highly targeted operation dubbed Operation RoundPress. While only 19 #IoCs were initially shared, WhoisXML API's DNS analysis reveals that the campaign's footprint could be far broader and potentially more dangerous.
Key Findings
- 8,222 email-connected domains, with 7 already weaponized in malware or phishing campaigns
- 2 additional malicious IPs missed in the original disclosure
- 102 IP-connected domains, hosted on potentially dedicated infrastructure
- 580 string-connected domains that resemble the original IoCs, likely decoys or detection-evasion variants
- IoCs dating back to 2018, some still actively resolving in 2025
Get Full Visibility into Operation RoundPress
Download the full threat report to uncover over 8,900 #DNS artifacts tied to APT28's ongoing campaign, and stay one step ahead ->>> https://lnkd.in/exgNdEkQ
#ThreatIntelligence #CyberSecurity #Infosec #DNSintel #KEVCatalog #RoundPress