The NSA, FBI, and Cybersecurity and Infrastructure Agency, in a joint advisory with the UK National Cyber Security Centre, said that APT28’s campaign affected “a small number based in Europe, US government institutions and approximately 250 Ukrainian victims.”
Researchers from Cisco Talos, Cisco’s cybersecurity division, said that attackers in the APT28 effort and similar incidents frequently had some network access prior to exploiting this particular vulnerability, which may have helped the attackers.