SYMBOLCOMMON_NAMEaka. SYNONYMS

APT28  (Back to overview)

aka: APT 28, APT-C-20, ATK5, Blue Athena, FANCY BEAR, FROZENLAKE, Fighting Ursa, Forest Blizzard, G0007, Grey-Cloud, Grizzly Steppe, Group 74, Group-4127, IRON TWILIGHT, ITG05, Pawn Storm, SIG40, SNAKEMACKEREL, STRONTIUM, Sednit, Sofacy, Swallowtail, T-APT-12, TA422, TG-4127, Tsar Team, TsarTeam, UAC-0028

The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.


Associated Families
apk.popr-d30 elf.xagent ios.xagent osx.komplex osx.xagent py.masepie win.arguepatch win.cannon win.computrace win.coreshell win.credomap win.downdelph win.driveocean win.fusiondrive win.graphite win.koadic win.lojax win.mocky_lnk win.oceanmap win.oldbait win.pocodown win.sedreco win.seduploader win.unidentified_078 win.unidentified_114 win.xagent win.xp_privesc win.xtunnel win.xtunnel_net win.zebrocy win.zebrocy_au3 win.gooseegg win.caddywiper

References
2024-04-22MicrosoftMicrosoft Threat Intelligence
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
GooseEgg
2024-04-16MandiantAlden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm
2024-03-18The Hacker NewsNewsroom
APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
MASEPIE OCEANMAP
2024-01-31Trend MicroFeike Hacquebord, Fernando Mercês
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Mocky LNK Unidentified 114 (APT28 InfoStealer)
2024-01-29HarfangLabHarfangLab CTR
Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus
MASEPIE OCEANMAP
2024-01-25JSAC 2024Masafumi Takeda, Tomoya Furukawa
Threat Intelligence of Abused Public Post-Exploitation Frameworks
AsyncRAT DCRat Empire Downloader GRUNT Havoc Koadic Merlin PoshC2 Quasar RAT Sliver
2024-01-10Medium knight0x070x4427, knight0x07
Analyzing APT28’s OCEANMAP Backdoor & Exploring its C2 Server Artifacts
OCEANMAP
2023-12-28Cert-UACert-UA
APT28: From initial attack to creating threats to a domain controller in an hour
MASEPIE OCEANMAP
2023-11-09MandiantChris Sistrunk, Daniel Kapellmann Zafra, Jared Wilson, John Wolfram, Keith Lunden, Ken Proska, Nathan Brubaker, Tyler McLellan
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
CaddyWiper
2023-10-26ANSSIANSSI
Attack Campaigns of APT28 since 2021
CredoMap DriveOcean Empire Downloader Graphite MimiKatz Mocky LNK reGeorg
2023-09-06ZscalerAvinash Kumar, Niraj Shivtarkar
Steal-It Campaign
Mocky LNK
2023-07-12MandiantDan Black, Gabby Roncone
The GRU's Disruptive Playbook
CaddyWiper INDUSTROYER2 XakNet
2023-04-28Cert-UACert-UA
APT28 cyberattack: distribution of emails with "instructions" on "updating the operating system" (CERT-UA#6562)
Mocky LNK
2023-04-19MicrosoftJustin Warner, Microsoft Threat Intelligence Center (MSTIC)
Exploring STRONTIUM's Abuse of Cloud Services
FusionDrive
2023-04-18MandiantMandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
2023-03-15MicrosoftMicrosoft Threat Intelligence
A year of Russian hybrid warfare in Ukraine
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate
2023-02-16GoogleShane Huntley
Fog of war: how the Ukraine conflict transformed the cyber threat landscape
APT28 Ghostwriter SaintBear Sandworm Turla
2023-02-15GoogleGoogle Threat Analysis Group, Mandiant
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape
CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla
2023-01-27Cert-UACert-UA
Cyber attack on the Ukrinform information and communication system
CaddyWiper
2023-01-24FortinetGeri Revay
The Year of the Wiper
Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar
2022-12-27Palo Alto Networks Unit 42Bob Jung, Daniel Raygoza, Esmid Idrizovic, Sean Hughes
Navigating the Vast Ocean of Sandbox Evasions
TrickBot Zebrocy
2022-12-09cocomelonccocomelonc
Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example.
Attor Zebrocy
2022-12-03MicrosoftCliff Watts
Preparing for a Russian cyber offensive against Ukraine this winter
CaddyWiper HermeticWiper Prestige
2022-10-24Youtube (Virus Bulletin)Alexander Adamov
Russian wipers in the cyberwar against Ukraine
AcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard INDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate
2022-09-27SecurityScorecardVlad Pasca
A Deep Dive Into the APT28’s stealer called CredoMap
CredoMap
2022-09-26CrowdStrikeIoan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 3: Input/Output Controls
CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-09-23MandiantMandiant Intelligence
GRU: Rise of the (Telegram) MinIOns
ArguePatch CaddyWiper XakNet
2022-09-23Cluster25Cluster25
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
Graphite
2022-08-18TrustwavePawel Knapczyk
Overview of the Cyber Weapons Used in the Ukraine - Russia War
AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket
2022-08-18TrustwavePawel Knapczyk
Overview of the Cyber Weapons Used in the Ukraine - Russia War
AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket
2022-08-12CrowdStrikeIoan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 1: Common Techniques
Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-07-19GoogleBilly Leonard
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov APT28 Callisto Ghostwriter Sandworm Turla
2022-07-18Palo Alto Networks Unit 42Unit 42
Fighting Ursa
Cannon Zebrocy APT28
2022-06-26BushidoToken
Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022
Cobalt Strike CredoMap EnvyScout
2022-06-20Cert-UACert-UA
APT28 cyberattack using CredoMap malware (CERT-UA#4843)
CredoMap
2022-05-27PTSecurityAleksey Vishnyakov, Anton Belousov
How bootkits are implemented in modern firmware and how UEFI differs from Legacy BIOS
LoJax MoonBounce
2022-05-02AT&TFernando Martinez
Analysis on recent wiper attacks: examples and how wiper malware works
AcidRain CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper
2022-04-28FortinetGergely Revay
An Overview of the Increasing Wiper Malware Threat
AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare
2022-04-27MicrosoftMicrosoft Digital Security Unit (DSU)
Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine
CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate
2022-04-12Max Kersten's BlogMax Kersten
Ghidra script to handle stack strings
CaddyWiper PlugX
2022-04-12ESET ResearchESET Research
Industroyer2: Industroyer reloaded
ArguePatch CaddyWiper Industroyer INDUSTROYER2
2022-04-12Twitter (@silascutler)Silas Cutler
Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2
CaddyWiper INDUSTROYER2
2022-04-12Cert-UACert-UA
Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435)
CaddyWiper Industroyer INDUSTROYER2
2022-04-12ESET ResearchESET Ireland
Industroyer2: Industroyer reloaded
CaddyWiper INDUSTROYER2
2022-04-10BrandefenseBrandefense
Zebrocy Malware Technical Analysis Report
Zebrocy
2022-04-05MorphisecMichael Dereviashkin
New Analysis: The CaddyWiper Malware Attacking Ukraine
CaddyWiper
2022-04-01splunkSplunk Threat Research Team
Threat Update: CaddyWiper
CaddyWiper
2022-03-31eSentireeSentire Threat Response Unit (TRU)
eSentire Threat Intelligence Malware Analysis: CaddyWiper
CaddyWiper
2022-03-26n0p BlogAli Mosajjal
Analysis of a Caddy Wiper Sample Targeting Ukraine
CaddyWiper
2022-03-25GOV.UAState Service of Special Communication and Information Protection of Ukraine (CIP)
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22
Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT
2022-03-24NextGovBrandi Vincent
Ukrainian Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid
CaddyWiper DoubleZero HermeticWiper IsaacWiper
2022-03-18MalwarebytesThreat Intelligence Team
Double header: IsaacWiper and CaddyWiper
CaddyWiper IsaacWiper
2022-03-17NioGuardNioGuard Security Lab
Analysis of CaddyWiper
CaddyWiper
2022-03-16Cyber Security NewsGurubaran
Destructive Data Wiper Malware Targeting high-profile Ukrainian Organizations
CaddyWiper
2022-03-15ESET ResearchESET Research
CaddyWiper: New wiper malware discovered in Ukraine
CaddyWiper
2022-03-15SecurityAffairsPierluigi Paganini
CaddyWiper, a new data wiper hits Ukraine
CaddyWiper
2022-03-15Twitter (@HackNPatch)HackNPatch
Tweet on Exploring CaddyWiper API resolution
CaddyWiper
2022-03-15TRUESECNicklas Keijser
Analysis of CaddyWiper, wiper targeting Ukraine
CaddyWiper
2022-03-15SecurityIntelligenceChristopher Del Fierro, John Dwyer
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
CaddyWiper
2022-03-15CiscoCisco Talos
Threat Advisory: CaddyWiper
CaddyWiper
2022-03-15The Hacker NewsRavie Lakshmanan
CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks
CaddyWiper
2022-03-14CybernewsJurgita Lapienytė
New destructive wiper malware deployed in Ukraine
CaddyWiper
2022-03-14Twitter (@ESETresearch)ESET Research
Tweet on CaddyWiper as 3rd destructive wiper found deployed against Ukraine
CaddyWiper Sunglow Blizzard
2022-03-14Bleeping ComputerSergiu Gatlan
New CaddyWiper data wiping malware hits Ukrainian networks
CaddyWiper
2022-02-28MicrosoftMSRC Team
Cyber threat activity in Ukraine: analysis and resources
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586
2022-01-25TrellixAlexandre Mundo, Christiaan Beek, Leandro Velasco, Marc Elias, Max Kersten
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
Graphite
2022-01-11ESET ResearchMichal Poslušný
Signed kernel drivers – Unguarded gateway to Windows’ core
InvisiMole LoJax RobinHood Slingshot
2021-10-26KasperskyKaspersky Lab ICS CERT
APT attacks on industrial organizations in H1 2021
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy
2021-07-27BlackberryBlackBerry Research & Intelligence Team
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages
elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy
2021-05-20Github (microsoft)Microsoft
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy
2021-04-19Sentinel LABSMarco Figueroa
A Deep Dive into Zebrocy’s Dropper Docs
Downdelph
2021-03-18PRODAFT Threat IntelligencePRODAFT
SilverFish GroupThreat Actor Report
Cobalt Strike Dridex Koadic
2021-02-25IntezerIntezer
Year of the Gopher A 2020 Go Malware Round-Up
NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy
2021-02-24MalwarebytesHossein Jazi
LazyScripter: From Empire to double RAT
Octopus Koadic
2021-01-13AlienVaultTom Hegel
A Global Perspective of the SideWinder APT
8.t Dropper Koadic SideWinder
2021-01-01SecureWorks
Threat Profile: GOLD DRAKE
Cobalt Strike Dridex FriedEx Koadic MimiKatz WastedLocker Evil Corp
2020-12-17Trend MicroFeike Hacquebord, Lord Alfred Remorin
Pawn Storm’s Lack of Sophistication as a Strategy
DriveOcean
2020-12-09IntezerJoakim Kennedy
A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy
Zebrocy
2020-11-28pat_h/to/filepat_h/to/file
Hunting Koadic Pt. 2 - JARM Fingerprinting
Koadic
2020-10-29US-CERTUS-CERT
Malware Analysis Report (AR20-303B): ZEBROCY Backdoor
Zebrocy
2020-10-23360360 Threat Intelligence Center
APT28携小众压缩包诱饵对北约、中亚目标的定向攻击分析
Zebrocy
2020-09-22QuoScientQuoIntelligence
APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure
Zebrocy APT28
2020-09-22Bleeping ComputerAx Sharma
Russian hackers use fake NATO training docs to breach govt networks
Zebrocy APT28
2020-09-10MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
STRONTIUM: Detecting new patterns in credential harvesting
APT28
2020-09-10Kaspersky LabsGReAT
An overview of targeted attacks and APTs on Linux
Cloud Snooper Dacls DoubleFantasy MESSAGETAP Penquin Turla Tsunami elf.wellmess X-Agent
2020-09-01Twitter (@Vishnyak0v)Alexey Vishnyakov
Tweet on sample discovery
Unidentified 078 (Zebrocy Nim Loader?)
2020-07-29Kaspersky LabsGReAT
APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel
2020-07-01360360 Threat Intelligence Center
游走在东欧和中亚的奇幻熊
Zebrocy
2020-06-09Kaspersky LabsCostin Raiu
Looking at Big Threats Using Code Similarity. Part 1
Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel
2020-05-21PICUS SecuritySüleyman Özarslan
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE
2020-03-20BitdefenderLiviu Arsene
5 Times More Coronavirus-themed Malware Reports during March
ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos
2020-02-13QianxinQi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020-01-09Github (zerosum0x0)zerosum0x0
Koadic
Koadic
2020-01-01SecureworksSecureWorks
GOLD DRAKE
Dridex Empire Downloader FriedEx Koadic MimiKatz
2020-01-01SecureworksSecureWorks
IRON TWILIGHT
X-Agent X-Agent X-Agent Computrace HideDRV Sedreco Seduploader X-Agent XTunnel Zebrocy Zebrocy (AutoIT)
2020-01-01SecureworksSecureWorks
COBALT TRINITY
POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33
2020-01-01SecureworksSecureWorks
COBALT ULSTER
POWERSTATS Koadic MuddyWater
2019-12-05Marco Ramilli's BlogMarco Ramilli
APT28 Attacks Evolution
APT28
2019-10-24MeltX0R SecurityMeltX0R
10/24/2019 - APT28: Targeted attacks against mining corporations in Kazakhstan
Zebrocy
2019-09-24ESET ResearchESET Research
No summer vacations for Zebrocy
Zebrocy
2019-08-28CylanceCylance Threat Research Team
Inside the APT28 DLL Backdoor Blitz
PocoDown
2019-08-01Kaspersky LabsGReAT
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy
2019-07-10CylanceCylance Threat Research Team
Flirting With IDA and APT28
PocoDown
2019-06-03Kaspersky LabsGReAT
Zebrocy’s Multilanguage Malware Salad
Zebrocy
2019-05-22ESET ResearchESET Research
A journey to Zebrocy land
Zebrocy
2019-05-20Check PointBen Herzog
Malware Against the C Monoculture
AdWind jRAT GhostMiner Zebrocy
2019-05-18Twitter (@cyb3rops)Florian Roth
Tweet on YARA and APT28
PocoDown
2019-04-18YoroiZLAB-Yoroi
APT28 and Upcoming Elections: Evidence of Possible Interference (Part II)
Seduploader
2019-04-01Macnica NetworksMacnica Networks
Trends in Cyber ​​Espionage Targeting Japan 2nd Half of 2018
Anel Cobalt Strike Datper PLEAD Quasar RAT RedLeaves taidoor Zebrocy
2019-02-20Washington PostCraig Timberg, Elizabeth Dwoskin
Microsoft says it has found another Russian operation targeting prominent think tanks
APT28
2019-02-13Accenture SecurityAccenture Security
SNAKEMACKEREL: Threat Campaign Likely Targeting NATO Members, Defense and Military Outlets
APT28
2019-01-24Kaspersky LabsKaspersky Lab ICS CERT
GreyEnergy’s overlap with Zebrocy
GreyEnergy Zebrocy
2019-01-11Kaspersky LabsGReAT
A Zebrocy Go Downloader
Zebrocy
2019-01-01Council on Foreign RelationsCyber Operations Tracker
APT 28
APT28
2019-01-01MITREMITRE ATT&CK
Group description: APT28
APT28
2018-12-21Emanuele De Lucia
APT28 / Sofacy – SedUploader under the Christmas tree
Seduploader
2018-12-21Vitali Kremez
Let's Learn: In-Depth on APT28/Sofacy Zebrocy Golang Loader
Zebrocy
2018-12-18paloalto Networks Unit 42Robert Falcone
Sofacy Creates New ‘Go’ Variant of Zebrocy Tool
Zebrocy
2018-12-12Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
Dear Joohn: The Sofacy Group’s Global Campaign
APT28
2018-12-10Vitali Kremez BlogVitali Kremez
Let's Learn: Reviewing Sofacy's "Zebrocy" C++ Loader: Advanced Insight
Zebrocy
2018-11-29AccentureMichael Yip
Snakemackerel delivers Zekapab malware
Zebrocy APT28
2018-11-27Vitali Kremez BlogVitali Kremez
Let's Learn: In-Depth on Sofacy Cannon Loader/Backdoor Review
Cannon
2018-11-20Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
Cannon
2018-11-20Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
APT28
2018-11-20ESET ResearchESET Research
Sednit: What’s going on with Zebrocy?
Zebrocy
2018-11-05Youtube (MSRC)Frédéric Vachon, Jean-Ian Boutin
BlueHat v18 || First STRONTIUM UEFI Rootkit Unveiled
LoJax
2018-10-04NCSC UKNCSC UK
Indicators of Compromise for Malware used by APT28
X-Tunnel (.NET)
2018-10-04UnknownMSN News
Russian hackers accused of targeting UN chemical weapons watchdog, MH17 files
APT28
2018-10-04SymantecCritical Attack Discovery and Intelligence Team
APT28: New Espionage Operations Target Military and Government Organizations
LoJax Seduploader X-Agent XTunnel Zebrocy APT28
2018-10-04NCSC UKNCSC UK
Indicators of Compromise for Malware used by APT28
X-Agent
2018-10-04SymantecSecurity Response Attack Investigation Team
APT28: New Espionage Operations Target Military and Government Organizations
XTunnel
2018-09-27Bleeping ComputerIonut Ilascu
APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild
APT28
2018-09-27ESET ResearchESET Research
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
APT28
2018-09-01ESET Research
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
LoJax
2018-08-26SecJuiceSecJuice
Remember Fancy Bear?
OLDBAIT
2018-08-21Bleeping ComputerCatalin Cimpanu
Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections
APT28
2018-08-21BBCBBC News
Microsoft claims win over 'Russian political hackers'
APT28
2018-08-20MicrosoftBrad Smith
We are taking new steps against broadening threats to democracy
APT28
2018-06-06Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
Sofacy Group’s Parallel Attacks
Koadic Zebrocy
2018-05-23Department of JusticeOffice of Public Affairs
Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices
VPNFilter APT28
2018-05-15ReutersHugh Lawson, Niklas Pollard, Olof Swahnberg, Simon Johnson
Swedish sports body says anti-doping unit hit by hacking attack
APT28
2018-05-08AP NewsRaphael Satter
Russian hackers posed as IS to threaten military wives
APT28
2018-05-01NetScoutASERT Team
Lojack Becomes a Double-Agent
Computrace
2018-04-24ESET ResearchESET Research
Sednit update: Analysis of Zebrocy
Zebrocy Zebrocy (AutoIT)
2018-02-28Palo Alto Networks Unit 42Bryan Lee, Mike Harbison, Robert Falcone
Sofacy Attacks Multiple Government Entities
APT28
2018-02-20Kaspersky LabsGReAT
A Slice of 2017 Sofacy Activity
Seduploader APT28
2018-01-10WiredLouise Matsakis
Hack Brief: Russian Hackers Release Apparent IOC Emails in Wake of Olympic Ban
APT28
2018-01-01Accenture SecurityAccenture Security
SNAKEMACKEREL - A BREXIT-themed lure document that delivers ZEKAPAB malware
APT28
2017-12-21ESET ResearchESET Research
Sednit update: How Fancy Bear Spent the Year
Seduploader X-Agent
2017-10-22CiscoPaul Rascagnères, Vitor Ventura, Warren Mercer
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
Seduploader
2017-10-19ProofpointKafeine, Pierre T
APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed
Seduploader
2017-08-13Adam Chester
Analysis of APT28 hospitality malware (Part 2)
Seduploader
2017-08-11FireEyeBen Read, Lindsay Smith
APT28 Targets Hospitality Sector, Presents Threat to Travelers
Seduploader
2017-05-09ESET ResearchESET Research
Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy
Seduploader
2017-04-26HandelsblattDaniel Tost
Russia-linked Hackers Target German Political Foundations
APT28
2017-04-03VOAVOA
IAAF Says It Has Been Hacked, Athlete Medical Info Accessed
APT28
2017-03-23Twitter (PhysicalDrive0)PhysicalDrive0
Tweet on XAgent for macOS
X-Agent
2017-03-02Laboratory of Cryptography and System SecurityBoldizsar Bencsath
Update on the Fancy Bear Android malware (poprd30.apk)
X-Agent
2017-02-21BitdefenderBitdefender
Dissecting the APT28 Mac OS X Payload
X-Agent
2017-02-20Contagio DumpMila Parkour
Part I. Russian APT - APT28 collection of samples including OSX XAgent
X-Agent Komplex Coreshell Downdelph HideDRV SEADADDY Sedreco Seduploader X-Agent XTunnel
2017-02-14Palo Alto Networks Unit 42Robert Falcone
XAgentOSX: Sofacy’s XAgent macOS Tool
X-Agent
2017-02-04de VolkskrantHuib Modderkolk
Russen faalden bij hackpogingen ambtenaren op Nederlandse ministeries
APT28
2017-01-10FireEyeFireEye iSIGHT Intelligence
APT28: At The Center Of The Storm
Coreshell OLDBAIT Sedreco Seduploader X-Agent
2017-01-03CrySyS LabBoldizsar Bencsath
Technical details on the Fancy Bear Android malware (poprd30.apk)
X-Agent
2017-01-01Objective-SeePatrick Wardle
Mac Malware of 2016
KeRanger Keydnap Komplex Laoshu MacInstaller MacVX Mokes WireLurker XSLCmd
2016-12-15Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
Let It Ride: The Sofacy Group’s DealersChoice Attacks Continue
APT28
2016-10-20ESET ResearchESET Research
En Route with Sednit Part 2: Observing the Comings and Goings
X-Agent Sedreco X-Agent XTunnel
2016-10-17Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform
APT28
2016-10-10BBCGordon Corera
How France's TV5 was almost destroyed by 'Russian hackers'
APT28
2016-09-27MalwarebytesThomas Reed
Komplex Mac backdoor answers old questions
Komplex
2016-09-26Palo Alto Networks Unit 42Dani Creus, Robert Falcone, Tyler Halfpop
Sofacy’s ‘Komplex’ OS X Trojan
Komplex
2016-09-26Palo Alto Networks Unit 42Dani Creus, Robert Falcone, Tyler Halfpop
Sofacy’s ‘Komplex’ OS X Trojan
APT28
2016-09-20Deutsche Welleipj, kl
Hackers lurking, parliamentarians told
APT28
2016-09-11ESET ResearchESET Research
En Route with Sednit - Part 3: A Mysterious Downloader
Downdelph
2016-08-23International Business TimesHyacinth Mascarenhas
Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say
APT28
2016-08-01ESET ResearchESET Research
En Route with Sednit - Part 1: Approaching the Target
Komplex Seduploader
2016-06-15CrowdStrikeDmitri Alperovitch
Bears in the Midst: Intrusion into the Democratic National Committee
X-Agent ATI-Agent SEADADDY Seduploader X-Agent XTunnel APT28
2016-06-14Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
New Sofacy Attacks Against US Government Agency
APT28
2016-06-14Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
New Sofacy Attacks Against US Government Agency
Seduploader APT28
2016-02-12Palo Alto Networks Unit 42Bryan Lee, Rob Downs
A Look Into Fysbis: Sofacy’s Linux Backdoor
X-Agent
2016-02-12Palo Alto Networks Unit 42Bryan Lee, Rob Downs
A Look Into Fysbis: Sofacy’s Linux Backdoor
X-Agent
2016-01-01FireEyeMichael Bailey
MATRYOSHKA MINING
APT28
2015-12-17BitdefenderBitdefender
APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information
X-Agent XP PrivEsc (CVE-2014-4076)
2015-12-04Kaspersky LabsGReAT
Sofacy APT hits high profile targets with updated toolset
Sedreco
2015-12-04Kaspersky LabsGReAT
Sofacy APT hits high profile targets with updated toolset
Coreshell Sedreco Seduploader X-Agent APT28
2015-11-20MicrosoftMicrosoft
Microsoft Security Intelligence Report Volume 19
XTunnel
2015-10-22Trend MicroFeike Hacquebord
Pawn Storm Targets MH17 Investigation Team
APT28
2015-10-13Trend MicroBrooks Li, Feike Hacquebord, Peter Pi
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries
Seduploader
2015-10-13Trend MicroBrooks Li, Feike Hacquebord, Peter Pi
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries
APT28
2015-09-01WikipediaVarious
Fancy Bear
APT28
2015-09-01WikipediaVarious
Fancy Bear
APT28
2015-08-27Electronic Frontier FoundationCooper Quintin
New Spear Phishing Campaign Pretends to be EFF
APT28
2015-08-01root9broot9b
TECHNICAL FOLLOW UP - APT28
XTunnel
2015-06-19Netzpolitik.orgClaudio Guarnieri
Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag
XTunnel APT28
2015-06-19London South EastAlliance News
Russian Hackers Suspected In Cyberattack On German Parliament
APT28
2015-04-18FireEyeChris Phillips, Corbin Souffrant, Dan Caselden, Darien Kin, Genwei Jiang, James “Tom” Bennett, Jonathan Wrolstad, Joshua Homan, Yasir Khalid
Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
APT28
2015-02-04Trend MicroBrooks Hong, Feike Hacquebord, Lambert Sun
Pawn Storm Update: iOS Espionage App Found
X-Agent
2014-11-10Blaze's Security BlogBartBlaze
Thoughts on Absolute Computrace
Computrace
2014-10-27Trend MicroAlfred Remorin, Douglas Otis, Feike Hacquebord, Fernando Mercês, Jim Gogolinski, Loucif Kharouni, Numaan Huq
Operation Pawn Storm: Using Decoys to Evade Detection
Sedreco Seduploader APT28
2014-09-05GoogleBilly Leonard, Neel Mehta, Shane Huntiey
Peering Into the Aquarium: Analysis of a Sophisticated Multi-Stage Malware Family
X-Agent
2014-08-11Prevenity
mht, MS12-27 and * malware * .info
Coreshell
2014-01-01FireEyeFireEye
APT28
Coreshell Sedreco X-Agent
2014-01-01FireEyeFireEye
APT28: A Windows into Russia's Cyber Espionage Operations?
OLDBAIT
2012-12-15Malware Reversing BlogR136a1
Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1)
Coreshell
2012-12-15R136a1
Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2)
Sedreco
2010-05-31Trend MicroJoseph Cepe
SASFIS Malware Uses a New Trick
APT28

Credits: MISP Project