Ukraine targeted by APT28 with novel malware

Multiple threat operations have exploited Microsoft’s “ms-appinstaller protocol” to spread malware, leading to its deactivation. These operations include Sangria Tempest, also known as FIN7, and Storm-0569, Storm-1674, and Storm-1113, according to cybersecurity news site, The Record.