Not Simon 🐐

Country: Russia Organization: Russian General Staff Main Intelligence Directorate (GRU) 85th special Service Centre (GTsSS) Military Intelligence Unit 26165. Objective: Espionage

Aliases:

• APT28 (MITRE, Mandiant)
• Fancy Bear (CrowdStrike)
• Sofacy (F-Secure)
• Sednit or Sednit Group (ESET)
• Group 74 (Cisco Talos Intelligence)
• IRON TWILIGHT (Secureworks)
• Strontium (formerly used by Microsoft)
• Forest Blizzard (Microsoft)
• Pawn Storm (Trend Micro)
• Swallowtail (Symantec)
• BlueDelta (Recorded Future)
• UAC-0028 (CERT-UA)
• TA422 (Proofpoint)
• Fighting Ursa (Unit 42)
• FROZENLAKE (Google Threat Analysis Group)

Links

• CISA:
  • APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers (April 18, 2023)
• U.S. Department of Justice:
  • Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU) (February 15, 2024)
  • Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices (May 23, 2018)
• U.S. State Department: The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States (May 3, 2024)
• U.S. Department of Defense: Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments (PDF, July 1, 2021)
• NSA: Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations (February 27, 2024)
• United Kingdom:
  • UK enforces new sanctions against Russia for cyber attack on German Parliament (October 22, 2020)
  • Minister for Europe statement: attempted hacking of the OPCW by Russian military intelligence (October 4, 2018)
• NCSC-UK:
  • Malware Analysis Report: Jaguar Tooth (PDF, April 18, 2023)