Russian APT Launches February 2026 Campaign Against Ukraine
Russian-linked threat actors initiated a targeted campaign against Ukrainian entities in February 2026, according to S2 Grupo's LAB52 threat intelligence team. The operation shows tactical overlaps with previous attacks attributed to Laundry Bear, also tracked as UAC-0190 or Void Blizzard.
Security researchers identified the campaign through analysis of malware samples and infrastructure patterns consistent with Russian state-sponsored operations. The attackers deployed new malware variants specifically crafted for this operation.
Ukrainian Defense Forces Primary Target
The campaign primarily focuses on Ukrainian defense organizations and government entities. Previous Laundry Bear operations have consistently targeted Ukraine's military infrastructure and defense contractors since the conflict began.
The threat group has maintained persistent access attempts against critical Ukrainian systems throughout 2025 and into early 2026. Defense organizations remain the highest-priority targets for Russian cyber operations.
Related: ClickFix Malware Campaign Targets AI Coding Assistants
Related: China-Linked APT Targets Southeast Asian Military Since 2020
Related: China APT Targets South American Telecom Infrastructure
Related: Chinese APT Targets Asian Organizations in Multi-Year
Laundry Bear Tactics Evolve for 2026 Operations
The new campaign leverages updated malware tools while maintaining core operational techniques from previous Laundry Bear attacks. Researchers noted infrastructure reuse and similar command-and-control patterns from earlier operations.
Ukrainian organizations should implement enhanced monitoring for Russian APT indicators and review CISA's Known Exploited Vulnerabilities catalog for potential attack vectors. Security teams must prioritize patching systems against vulnerabilities commonly exploited by Russian state actors.
