Cyber Resilience

APT28 Nearest Neighbor Campaign · C0051 · state

🇷🇺 RU · GRU · Unit 26165

aka APT28 Nearest Neighbor Campaign

Run by APT28

Last updated: 2026-07-03

0 attributed CVEs
28 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
years active

About this actor

[APT28 Nearest Neighbor Campaign](https://attack.mitre.org/campaigns/C0051) was conducted by [APT28](https://attack.mitre.org/groups/G0007) from early February 2022 to November 2024 against organizations and individuals with expertise on Ukraine. APT28 relied primarily on living-off-the-land techniques, alongside zero-day exploitation of CVE-2022-38028. Notably, APT28 used Wi-Fi networks in close proximity to the intended target to gain initial access to the victim environment. By daisy-chaining multiple compromised organizations near the intended target, APT28 found dual-homed systems (with both a wired and a wireless network connection), enabled Wi-Fi on them, and used compromised credentials to connect to the victim network. (Citation: Nearest Neighbor Volexity)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|

No attributed CVEs.

Mitigating controls (NIST 800-53)

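| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 19 / 28 | 68% |
| CM-2 | 18 / 28 | 64% |
| AC-3 | 16 / 28 | 57% |
| AC-6 | 15 / 28 | 54% |
| CM-6 | 14 / 28 | 50% |
| SI-3 | 14 / 28 | 50% |
| AC-2 | 13 / 28 | 46% |
| AC-5 | 11 / 28 | 39% |
| CA-7 | 11 / 28 | 39% |
| IA-2 | 11 / 28 | 39% |
| CM-5 | 9 / 28 | 32% |
| CM-7 | 9 / 28 | 32% |
| SI-7 | 8 / 28 | 29% |
| IA-5 | 7 / 28 | 25% |
| SC-7 | 7 / 28 | 25% |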

Co-occurring actors

None.

Similar actors