Ukrainian authorities have verified a sophisticated cyber campaign, attributed to APT28, targeting the country's prosecution and anti-corruption agencies. The attackers exploited vulnerabilities in the Roundcube webmail platform, enabling them to execute malicious code when a victim opens a malicious email. This tactic allows attackers to gain unauthorized access to sensitive information without requiring user interaction beyond opening the email. The involvement of APT28, a group known for its ties to Russian intelligence, signifies a geopolitical motivation behind the intrusions [1]. The use of such tactics by state-aligned groups shifts the threat model, requiring a distinct approach to mitigating and responding to these types of attacks. This campaign's success highlights the importance of prioritizing email security and vulnerability management, particularly for high-value targets like prosecution and anti-corruption agencies. What matters most to security practitioners is recognizing the elevated threat level posed by nation-state actors.