ESET Research: One of Russia's Most Notorious Groups, Sednit, Resurges with Spyware in Ukraine
Sednit uses two implants, BeardShell and Covenant, alongside SlimAgent keylogger for resilient long-term espionage targeting Ukrainian military personnel since April 2024, ESET reports.
7 Articles
ESET Research: One of Russia's most notorious groups, Sednit, resurges with spyware in Ukraine
ESET researchers have traced the reactivation of Sednit's advanced implant team to a 2024 case in Ukraine, where a keylogger named SlimAgent was deployed. During that operation, BeardShell, a second Sednit-developed implant, was deployed. Across 2025 and 2026, Sednit repeatedly deployed BeardShell together with Covenant, a third major piece of its modern toolkit. Sednit heavily reworked this open-source implant to support long-term espionage and…
This spy tool has been quietly stealing data for years - Cybernoz - Cybersecurity News
ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate cloud provider to ensure operational resilience. This dual-implant architecture has enabled sustained surveillance of Ukrainian military personnel since at least April 2024. The Sednit group itself was tied to Unit 26165 of the GRU by the US Department of Justice in 2016, iden…
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,
ESET's laboratories have recently highlighted the revival of the Sednit group, which now relies on a modernised toolbox with two complementary implants, BeardShell and Covenant, each using a separate cloud provider to ensure resilience. This dual-implant strategy has allowed the group to maintain sustained surveillance of Ukrainian military personnel and has been active since April 2024. The US Department of Justice, as early as 201…
Coverage Details
Bias Distribution
- 100% of the sources are Center



