Russia-linked APT28 has been exploiting mail server vulnerabilities against government and defense entities since September 2023.

Remcos RAT deployed via fileless PowerShell attacks using LNK files and MSHTA.exe, evades disk-based defenses.