APT28
Country: Russia
Organization: Russian General Staff Main Intelligence Directorate (GRU) 85th Special Service Centre (GTsSS), Military Intelligence Unit 26165
Objective: Espionage
Aliases:
- APT28 (MITRE, Mandiant)
- Fancy Bear (CrowdStrike)
- Sofacy (F-Secure)
- Sednit or Sednit Group (ESET)
- Group 74 (Cisco Talos Intelligence)
- IRON TWILIGHT (Secureworks)
- Strontium (formerly used by Microsoft)
- Forest Blizzard (Microsoft)
- Pawn Storm (Trend Micro)
- Swallowtail (Symantec)
- BlueDelta (Recorded Future)
- UAC-0028 (CERT-UA)
- TA422 (Proofpoint)
- Fighting Ursa (Unit 42)
- FROZENLAKE (Google Threat Analysis Group)
Links:
- CISA:
- U.S. Department of Justice:
  - Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation's Main Intelligence Directorate of the General Staff (GRU) (February 15, 2024)
  - Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices (May 23, 2018)
- U.S. State Department: The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States (May 3, 2024)
- U.S. Department of Defense: Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments (PDF, July 1, 2021)
- NSA: Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations (February 27, 2024)
- United Kingdom:
  - NCSC-UK:
    - Malware Analysis Report: Jaguar Tooth (PDF, April 18, 2023)