APT28 is a numbered threat group linked to and likely controlled by the Russian General Staff Main Intelligence Directorate (also known as the GRU.) Specifically, they are connected to the 85th Main Special Service Center military unit 26165. APT28 is also known as Fancy Bear. APT28 has been visibly active since approximately 2004. Since 2007 various security researchers have noted the evolution of the APT28 malware tools and the increasing sophistication in using this growing arsenal of malicious tools. APT28 has been observed as active in attacks upon Hillary Clinton’s campaign, the Democratic National Committee (as did APT29, which is linked to the Russian SVR), and numerous, well-publicized attempts to impact the U.S. presidential election.
An investigation by various cybersecurity researchers and law enforcement agencies determined the identities of five of the GRU 26165 officers associated with APT28. More specifically, it was for their activity attacking a U.S. Nuclear Facility, the Organization for the Prohibition of Chemical Weapons, and other agencies and institutes. In addition, the indicted GRU officers also worked with GRU Unit 74455, known as the infamous Sandwork Team.
Per Mandiant’s reporting, it appears that APT28 does not engage in widespread intellectual property theft or other activities which target economic gain. Instead, APT28 seems to direct energy into exfiltrating intelligence and intellectual property that would be most useful to the Russian government. APT28 continually targets security organizations, military units, defense departments, and government agencies to benefit the Russian government.
It also seems that the malware authors work in the Russian time zone, specifically in St. Petersburg and Moscow. In terms of detailed targeting, they have been suspected of targeting many eastern European governments and their respective military organizations, Georgia, security-related organizations such as OSCE, NATO, and the Polish and Hungarian governments.
Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.
Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels across many industries and from around the world.
Get started with Bugcrowd
Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.