🚨 Threat of the Week – Operation RoundPress 🚨 Advanced DNS intelligence on APT28’s stealth campaign targeting government infrastructure. Download the full report ->> https://lnkd.in/exgNdEkQ
🕵🏼‍♂️ The Backstory
#APT28 reportedly exploited CVE-2025-32433 and CVE-2024-42009 to infiltrate government webmail servers in a highly targeted operation dubbed Operation RoundPress. While only 19 #IoCs were initially shared, WhoisXML API’s DNS analysis reveals the campaign’s footprint could be far broader and potentially more dangerous.
🔍 Key Findings
✅ 8,222 email-connected domains, with 7 already weaponized in malware or phishing campaigns
✅ 2 additional malicious IPs missed in the original disclosure
✅ 102 IP-connected domains, hosted on potentially dedicated infrastructure
✅ 580 string-connected domains that resemble the original IoCs, likely decoys or detection evasion variants
✅ IoCs dating back to 2018, some still actively resolving in 2025
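The three pivot types above (email-connected, IP-connected and string-connected domains) are how a small seed list of IoCs grows into a broader footprint. The script below is an added illustration of that expansion logic, not WhoisXML API's code and not data from the RoundPress report: it runs over a handful of constructed DNS/WHOIS-style records (placeholder domains and RFC 5737 documentation IPs) and groups every non-seed domain by the pivot that links it to a seed. String connection uses a simple similarity ratio, which is one of several reasonable lookalike heuristics.

```python
import difflib
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsRecord:
    """One passive-DNS / WHOIS style observation (constructed for this example)."""
    domain: str
    ip: str
    registrant_email: str


# Constructed sample records: placeholder names, documentation-range IPs,
# invalid-TLD e-mail addresses. None of these are real indicators.
RECORDS = [
    DnsRecord("webmail-login.example", "203.0.113.10", "reg-a@mail.invalid"),
    DnsRecord("secure-portal.example", "203.0.113.10", "reg-b@mail.invalid"),  # shares IP
    DnsRecord("owa-update.example", "198.51.100.7", "reg-a@mail.invalid"),     # shares e-mail
    DnsRecord("webmai1-login.example", "192.0.2.44", "reg-c@mail.invalid"),    # lookalike string
    DnsRecord("weather-news.example", "192.0.2.45", "reg-d@mail.invalid"),     # unrelated
]

# A constructed seed list standing in for the "initially shared" IoCs.
SEED_IOCS = ["webmail-login.example"]


def is_ip(value: str) -> bool:
    """True if the seed is an IP address rather than a domain name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def string_similarity(a: str, b: str) -> float:
    """Ratio in [0, 1]; 1.0 means identical. Used for lookalike detection."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def expand_iocs(seeds, records, min_ratio: float = 0.85):
    """Expand seed IoCs into email-, IP- and string-connected domains.

    Seeds may be domains or IPs. A domain can appear under more than one
    pivot if it is linked to the seeds in more than one way.
    """
    seed_domains = {s for s in seeds if not is_ip(s)}
    seed_ips = {s for s in seeds if is_ip(s)}
    seed_emails = set()

    # Enrich seeds with the IPs and registrant e-mails seen for them.
    for rec in records:
        if rec.domain in seed_domains:
            seed_ips.add(rec.ip)
            seed_emails.add(rec.registrant_email)

    found = {"ip_connected": set(), "email_connected": set(), "string_connected": set()}
    for rec in records:
        if rec.domain in seed_domains:
            continue  # the seed itself is not a pivot result
        if rec.ip in seed_ips:
            found["ip_connected"].add(rec.domain)
        if rec.registrant_email in seed_emails:
            found["email_connected"].add(rec.domain)
        if any(string_similarity(s, rec.domain) >= min_ratio for s in seed_domains):
            found["string_connected"].add(rec.domain)
    return found


def total_artifacts(found) -> int:
    """Number of distinct non-seed domains reached by any pivot."""
    return len(set().union(*found.values()))


if __name__ == "__main__":
    result = expand_iocs(SEED_IOCS, RECORDS)
    for pivot, domains in result.items():
        print(f"{pivot}: {sorted(domains)}")
    print("distinct artifacts:", total_artifacts(result))
```

In a real workflow the records would come from a passive-DNS or WHOIS feed rather than an inline list, and each pivot class deserves different confidence: a shared dedicated IP or registrant e-mail is a much stronger link than a string resemblance, which is why the post flags string-connected domains only as "likely" decoys or evasion variants.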
👉 Get Full Visibility into Operation RoundPress
Download the full threat report to uncover over 8,900 #DNS artifacts tied to APT28’s ongoing campaign, and stay one step ahead ->>> https://lnkd.in/exgNdEkQ