Russia's Unit 26165 Resumes High-End Malware Campaigns

Russian Military Hacking Group Had Adopted Simpler Tactics - for Unclear Reasons Mathew J. Schwartz (euroinfosec) • March 10, 2026

A notorious Russian military cyberespionage hacking group has been refining its malware to conduct long-term surveillance of targets in Ukraine and beyond.

See Also: Experts Offer Insights from Theoretical to the Realities of AI-enabled Cybercrime

The full shape of recent activities that trace to the group, Unit 26165 of the Russian Main Intelligence Directorate, tracked as APT28, Fancy Bear and Forest Blizzard, is only now coming to light. These include "long-term espionage operations targeting Ukrainian military personnel" from 2024 onwards, says a Tuesday report from Eset, which tracks the group as Sednit.

Since 2024, APT28 has tapped a "high-end custom arsenal" of "espionage implants" developed in-house and which appear to have been largely wielded ...