APT28 Nearest Neighbor Campaign · C0051 · state
🇷🇺 RU · GRU · Unit 26165
aka APT28 Nearest Neighbor Campaign
Run by APT28
Last updated: 2026-07-03
About this actor
[APT28 Nearest Neighbor Campaign](https://attack.mitre.org/campaigns/C0051) was conducted by [APT28](https://attack.mitre.org/groups/G0007) from early February 2022 to November 2024 against organizations and individuals with expertise on Ukraine. APT28 primarily relied on living-off-the-land techniques, while also exploiting CVE-2022-38028 as a zero-day. Notably, APT28 used Wi-Fi networks in close proximity to the intended target to gain initial access to the victim environment. By daisy-chaining multiple compromised organizations near the intended target, APT28 discovered dual-homed systems (with both a wired and a wireless network connection) on which to enable Wi-Fi and use compromised credentials to connect to the victim network. (Citation: Nearest Neighbor Volexity)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 19 / 28 | 68% |
| CM-2 | 18 / 28 | 64% |
| AC-3 | 16 / 28 | 57% |
| AC-6 | 15 / 28 | 54% |
| CM-6 | 14 / 28 | 50% |
| SI-3 | 14 / 28 | 50% |
| AC-2 | 13 / 28 | 46% |
| AC-5 | 11 / 28 | 39% |
| CA-7 | 11 / 28 | 39% |
| IA-2 | 11 / 28 | 39% |
| CM-5 | 9 / 28 | 32% |
| CM-7 | 9 / 28 | 32% |
| SI-7 | 8 / 28 | 29% |
| IA-5 | 7 / 28 | 25% |
| SC-7 | 7 / 28 | 25% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Agrius 0.29
- 2025 Poland Wiper Attacks 0.22
- Operation MidnightEclipse 0.20
- FIN13 0.20
- C0017 0.19
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00