APT28 Nearest Neighbor Campaign (C0051)
Auto-surfaced MITRE campaign. This page renders directly from MITRE ATT&CK data; no curated narrative or verified victim list. See /incidents.html for the curated landmark layer.
Active: ?-? · Run by: APT28 · 0 attributed CVE(s) · 28 technique(s).
MITRE description
[APT28 Nearest Neighbor Campaign](https://attack.mitre.org/campaigns/C0051) was conducted by [APT28](https://attack.mitre.org/groups/G0007) from early February 2022 to November 2024 against organizations and individuals with expertise on Ukraine. APT28 primarily leveraged living-off-the-land techniques, while leveraging the zero-day exploitation of CVE-2022-38028. Notably, APT28 leveraged Wi-Fi networks in close proximity to the intended target to gain initial access to the victim environment. By daisy-chaining multiple compromised organizations nearby the intended target, APT28 discovered dual-homed systems (with both a wired and wireless network connection) to enable Wi-Fi and use compromised credentials to connect to the victim network.(Citation: Nearest Neighbor Volexity)