| SYMBOL | COMMON_NAME | aka. SYNONYMS |
The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.
| 2025-04-29
⋅
CERT-FR
⋅
Targeting and Compromise of French Entities Using the APT28 Intrusion Set STEELHOOK MASEPIE Mocky LNK OCEANMAP |
| 2024-12-31
⋅
Maverits
⋅
APT28 the long hand of Russian interests MooBot STEELHOOK MASEPIE HATVIBE CredoMap Headlace OCEANMAP |
| 2024-11-22
⋅
Volexity
⋅
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access APT28 |
| 2024-05-30
⋅
Recorded Future
⋅
GRU's BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns Mocky LNK |
| 2024-05-30
⋅
Recorded Future
⋅
GRU’s BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns Mocky LNK |
| 2024-04-22
⋅
Microsoft
⋅
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials GooseEgg |
| 2024-04-16
⋅
Mandiant
⋅
APT44: Unearthing Sandworm VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm |
| 2024-03-18
⋅
The Hacker News
⋅
APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme MASEPIE OCEANMAP |
| 2024-01-31
⋅
Trend Micro
⋅
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets Mocky LNK Unidentified 114 (APT28 InfoStealer) |
| 2024-01-29
⋅
HarfangLab
⋅
Compromised Routers Are Still Leveraged as Malicious Infrastructure to Target Government Organizations in Europe and the Caucasus MASEPIE OCEANMAP |
| 2024-01-25
⋅
JSAC 2024
⋅
Threat Intelligence of Abused Public Post-Exploitation Frameworks AsyncRAT DCRat Empire Downloader GRUNT Havoc Koadic Merlin PoshC2 Quasar RAT Sliver |
| 2024-01-10
⋅
Medium knight0x07
⋅
Analyzing APT28’s OCEANMAP Backdoor & Exploring its C2 Server Artifacts OCEANMAP |
| 2023-12-28
⋅
⋅
Cert-UA
⋅
APT28: From initial attack to creating threats to a domain controller in an hour STEELHOOK MASEPIE OCEANMAP |
| 2023-11-09
⋅
Mandiant
⋅
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology CaddyWiper |
| 2023-10-26
⋅
⋅
ANSSI
⋅
Attack Campaigns of APT28 since 2021 CredoMap DriveOcean Empire Downloader Graphite MimiKatz Mocky LNK reGeorg |
| 2023-09-06
⋅
Zscaler
⋅
Steal-It Campaign Mocky LNK |
| 2023-07-12
⋅
Mandiant
⋅
The GRU's Disruptive Playbook CaddyWiper INDUSTROYER2 XakNet |
| 2023-06-23
⋅
BluePurple
⋅
Bluepurple Pulse: week ending June 25th APT28 |
| 2023-04-28
⋅
⋅
Cert-UA
⋅
APT28 cyberattack: distribution of emails with "instructions" on "updating the operating system" (CERT-UA#6562) Mocky LNK |
| 2023-04-19
⋅
Microsoft
⋅
Exploring STRONTIUM's Abuse of Cloud Services FusionDrive |
| 2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
| 2023-03-15
⋅
Microsoft
⋅
A year of Russian hybrid warfare in Ukraine CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate |
| 2023-02-16
⋅
Google
⋅
Fog of war: how the Ukraine conflict transformed the cyber threat landscape APT28 Ghostwriter SaintBear Sandworm Turla |
| 2023-02-15
⋅
Google
⋅
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla |
| 2023-01-27
⋅
⋅
Cert-UA
⋅
Cyber attack on the Ukrinform information and communication system CaddyWiper |
| 2023-01-24
⋅
Fortinet
⋅
The Year of the Wiper Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar |
| 2022-12-27
⋅
Palo Alto Networks Unit 42
⋅
Navigating the Vast Ocean of Sandbox Evasions TrickBot Zebrocy |
| 2022-12-09
⋅
cocomelonc
⋅
Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example. Attor Zebrocy |
| 2022-12-03
⋅
Microsoft
⋅
Preparing for a Russian cyber offensive against Ukraine this winter CaddyWiper HermeticWiper Prestige |
| 2022-10-24
⋅
Youtube (Virus Bulletin)
⋅
Russian wipers in the cyberwar against Ukraine AcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard INDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate |
| 2022-09-27
⋅
SecurityScorecard
⋅
A Deep Dive Into the APT28’s stealer called CredoMap CredoMap |
| 2022-09-26
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 3: Input/Output Controls CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-09-23
⋅
Mandiant
⋅
GRU: Rise of the (Telegram) MinIOns ArguePatch CaddyWiper XakNet |
| 2022-09-23
⋅
Cluster25
⋅
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants Graphite |
| 2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
| 2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
| 2022-08-12
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 1: Common Techniques Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-07-19
⋅
Google
⋅
Continued cyber activity in Eastern Europe observed by TAG CyberAzov APT28 Callisto Ghostwriter Sandworm Turla |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Fighting Ursa Cannon Zebrocy APT28 |
| 2022-06-26
⋅
Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022 Cobalt Strike CredoMap EnvyScout |
| 2022-06-20
⋅
⋅
Cert-UA
⋅
APT28 cyberattack using CredoMap malware (CERT-UA#4843) CredoMap |
| 2022-05-27
⋅
⋅
PTSecurity
⋅
How bootkits are implemented in modern firmware and how UEFI differs from Legacy BIOS LoJax MoonBounce |
| 2022-05-02
⋅
AT&T
⋅
Analysis on recent wiper attacks: examples and how wiper malware works AcidRain CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper |
| 2022-04-28
⋅
Fortinet
⋅
An Overview of the Increasing Wiper Malware Threat AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare |
| 2022-04-27
⋅
Microsoft
⋅
Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate |
| 2022-04-12
⋅
Max Kersten's Blog
⋅
Ghidra script to handle stack strings CaddyWiper PlugX |
| 2022-04-12
⋅
ESET Research
⋅
Industroyer2: Industroyer reloaded ArguePatch CaddyWiper Industroyer INDUSTROYER2 |
| 2022-04-12
⋅
Twitter (@silascutler)
⋅
Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2 CaddyWiper INDUSTROYER2 |
| 2022-04-12
⋅
⋅
Cert-UA
⋅
Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435) CaddyWiper Industroyer INDUSTROYER2 |
| 2022-04-12
⋅
ESET Research
⋅
Industroyer2: Industroyer reloaded CaddyWiper INDUSTROYER2 |
| 2022-04-10
⋅
Brandefense
⋅
Zebrocy Malware Technical Analysis Report Zebrocy |
| 2022-04-05
⋅
Morphisec
⋅
New Analysis: The CaddyWiper Malware Attacking Ukraine CaddyWiper |
| 2022-04-01
⋅
splunk
⋅
Threat Update: CaddyWiper CaddyWiper |
| 2022-03-31
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: CaddyWiper CaddyWiper |
| 2022-03-26
⋅
n0p Blog
⋅
Analysis of a Caddy Wiper Sample Targeting Ukraine CaddyWiper |
| 2022-03-25
⋅
GOV.UA
⋅
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22 Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT |
| 2022-03-24
⋅
NextGov
⋅
Ukrainian Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid CaddyWiper DoubleZero HermeticWiper IsaacWiper |
| 2022-03-18
⋅
Malwarebytes
⋅
Double header: IsaacWiper and CaddyWiper CaddyWiper IsaacWiper |
| 2022-03-17
⋅
NioGuard
⋅
Analysis of CaddyWiper CaddyWiper |
| 2022-03-16
⋅
Cyber Security News
⋅
Destructive Data Wiper Malware Targeting high-profile Ukrainian Organizations CaddyWiper |
| 2022-03-15
⋅
ESET Research
⋅
CaddyWiper: New wiper malware discovered in Ukraine CaddyWiper |
| 2022-03-15
⋅
SecurityAffairs
⋅
CaddyWiper, a new data wiper hits Ukraine CaddyWiper |
| 2022-03-15
⋅
Twitter (@HackNPatch)
⋅
Tweet on Exploring CaddyWiper API resolution CaddyWiper |
| 2022-03-15
⋅
TRUESEC
⋅
Analysis of CaddyWiper, wiper targeting Ukraine CaddyWiper |
| 2022-03-15
⋅
SecurityIntelligence
⋅
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations CaddyWiper |
| 2022-03-15
⋅
Cisco
⋅
Threat Advisory: CaddyWiper CaddyWiper |
| 2022-03-15
⋅
The Hacker News
⋅
CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks CaddyWiper |
| 2022-03-14
⋅
Cybernews
⋅
New destructive wiper malware deployed in Ukraine CaddyWiper |
| 2022-03-14
⋅
Twitter (@ESETresearch)
⋅
Tweet on CaddyWiper as 3rd destructive wiper found deployed against Ukraine CaddyWiper Sunglow Blizzard |
| 2022-03-14
⋅
Bleeping Computer
⋅
New CaddyWiper data wiping malware hits Ukrainian networks CaddyWiper |
| 2022-02-28
⋅
Microsoft
⋅
Cyber threat activity in Ukraine: analysis and resources CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586 |
| 2022-01-25
⋅
Trellix
⋅
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign Graphite |
| 2022-01-11
⋅
ESET Research
⋅
Signed kernel drivers – Unguarded gateway to Windows’ core InvisiMole LoJax RobinHood Slingshot |
| 2021-10-26
⋅
Kaspersky
⋅
APT attacks on industrial organizations in H1 2021 8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy |
| 2021-07-27
⋅
Blackberry
⋅
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy |
| 2021-06-15
⋅
vmware
⋅
Detecting UEFI Bootkits in the Wild (Part 1) LoJax MosaicRegressor TrickBot |
| 2021-05-20
⋅
Github (microsoft)
⋅
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy |
| 2021-04-19
⋅
Sentinel LABS
⋅
A Deep Dive into Zebrocy’s Dropper Docs Downdelph |
| 2021-03-18
⋅
PRODAFT Threat Intelligence
⋅
SilverFish GroupThreat Actor Report Cobalt Strike Dridex Koadic |
| 2021-02-25
⋅
Intezer
⋅
Year of the Gopher A 2020 Go Malware Round-Up NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
| 2021-02-24
⋅
Malwarebytes
⋅
LazyScripter: From Empire to double RAT Octopus Koadic |
| 2021-01-13
⋅
AlienVault
⋅
A Global Perspective of the SideWinder APT 8.t Dropper Koadic SideWinder |
| 2021-01-01
⋅
Threat Profile: GOLD DRAKE Cobalt Strike Dridex FriedEx Koadic MimiKatz WastedLocker Evil Corp |
| 2020-12-17
⋅
Trend Micro
⋅
Pawn Storm’s Lack of Sophistication as a Strategy DriveOcean |
| 2020-12-09
⋅
Intezer
⋅
A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy Zebrocy |
| 2020-11-28
⋅
pat_h/to/file
⋅
Hunting Koadic Pt. 2 - JARM Fingerprinting Koadic |
| 2020-10-29
⋅
US-CERT
⋅
Malware Analysis Report (AR20-303B): ZEBROCY Backdoor Zebrocy |
| 2020-10-23
⋅
⋅
360
⋅
APT28携小众压缩包诱饵对北约、中亚目标的定向攻击分析 Zebrocy |
| 2020-09-22
⋅
QuoScient
⋅
APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure Zebrocy APT28 |
| 2020-09-22
⋅
Bleeping Computer
⋅
Russian hackers use fake NATO training docs to breach govt networks Zebrocy APT28 |
| 2020-09-10
⋅
Microsoft
⋅
STRONTIUM: Detecting new patterns in credential harvesting APT28 |
| 2020-09-10
⋅
Kaspersky Labs
⋅
An overview of targeted attacks and APTs on Linux Cloud Snooper Dacls DoubleFantasy MESSAGETAP Penquin Turla Tsunami elf.wellmess X-Agent |
| 2020-09-01
⋅
Twitter (@Vishnyak0v)
⋅
Tweet on sample discovery Unidentified 078 (Zebrocy Nim Loader?) |
| 2020-07-29
⋅
Kaspersky Labs
⋅
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
| 2020-07-01
⋅
⋅
360
⋅
游走在东欧和中亚的奇幻熊 Zebrocy |
| 2020-06-09
⋅
Kaspersky Labs
⋅
Looking at Big Threats Using Code Similarity. Part 1 Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel |
| 2020-05-21
⋅
PICUS Security
⋅
T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
| 2020-03-20
⋅
Bitdefender
⋅
5 Times More Coronavirus-themed Malware Reports during March ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos |
| 2020-02-13
⋅
Qianxin
⋅
APT Report 2019 Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
| 2020-01-09
⋅
Github (zerosum0x0)
⋅
Koadic Koadic |
| 2020-01-01
⋅
Secureworks
⋅
GOLD DRAKE Dridex Empire Downloader FriedEx Koadic MimiKatz |
| 2020-01-01
⋅
Secureworks
⋅
IRON TWILIGHT X-Agent X-Agent X-Agent Computrace HideDRV Sedreco Seduploader X-Agent XTunnel Zebrocy Zebrocy (AutoIT) |
| 2020-01-01
⋅
Secureworks
⋅
COBALT TRINITY POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33 |
| 2020-01-01
⋅
Secureworks
⋅
COBALT ULSTER POWERSTATS Koadic MuddyWater |
| 2019-12-05
⋅
Marco Ramilli's Blog
⋅
APT28 Attacks Evolution APT28 |
| 2019-10-24
⋅
MeltX0R Security
⋅
10/24/2019 - APT28: Targeted attacks against mining corporations in Kazakhstan Zebrocy |
| 2019-09-24
⋅
ESET Research
⋅
No summer vacations for Zebrocy Zebrocy |
| 2019-08-28
⋅
Cylance
⋅
Inside the APT28 DLL Backdoor Blitz PocoDown |
| 2019-08-01
⋅
Kaspersky Labs
⋅
APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
| 2019-07-10
⋅
Cylance
⋅
Flirting With IDA and APT28 PocoDown |
| 2019-06-03
⋅
Kaspersky Labs
⋅
Zebrocy’s Multilanguage Malware Salad Zebrocy |
| 2019-05-22
⋅
ESET Research
⋅
A journey to Zebrocy land Zebrocy |
| 2019-05-20
⋅
Check Point
⋅
Malware Against the C Monoculture AdWind jRAT GhostMiner Zebrocy |
| 2019-05-18
⋅
Twitter (@cyb3rops)
⋅
Tweet on YARA and APT28 PocoDown |
| 2019-04-18
⋅
Yoroi
⋅
APT28 and Upcoming Elections: Evidence of Possible Interference (Part II) Seduploader |
| 2019-04-01
⋅
⋅
Macnica Networks
⋅
Trends in Cyber Espionage Targeting Japan 2nd Half of 2018 Anel Cobalt Strike Datper PLEAD Quasar RAT RedLeaves taidoor Zebrocy |
| 2019-02-20
⋅
Washington Post
⋅
Microsoft says it has found another Russian operation targeting prominent think tanks APT28 |
| 2019-02-13
⋅
Accenture Security
⋅
SNAKEMACKEREL: Threat Campaign Likely Targeting NATO Members, Defense and Military Outlets APT28 |
| 2019-01-24
⋅
Kaspersky Labs
⋅
GreyEnergy’s overlap with Zebrocy GreyEnergy Zebrocy |
| 2019-01-11
⋅
Kaspersky Labs
⋅
A Zebrocy Go Downloader Zebrocy |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
APT 28 APT28 |
| 2019-01-01
⋅
MITRE
⋅
Group description: APT28 APT28 |
| 2018-12-21
⋅
APT28 / Sofacy – SedUploader under the Christmas tree Seduploader |
| 2018-12-21
⋅
Let's Learn: In-Depth on APT28/Sofacy Zebrocy Golang Loader Zebrocy |
| 2018-12-18
⋅
paloalto Networks Unit 42
⋅
Sofacy Creates New ‘Go’ Variant of Zebrocy Tool Zebrocy |
| 2018-12-12
⋅
Palo Alto Networks Unit 42
⋅
Dear Joohn: The Sofacy Group’s Global Campaign APT28 |
| 2018-12-10
⋅
Vitali Kremez Blog
⋅
Let's Learn: Reviewing Sofacy's "Zebrocy" C++ Loader: Advanced Insight Zebrocy |
| 2018-11-29
⋅
Accenture
⋅
Snakemackerel delivers Zekapab malware Zebrocy APT28 |
| 2018-11-27
⋅
Vitali Kremez Blog
⋅
Let's Learn: In-Depth on Sofacy Cannon Loader/Backdoor Review Cannon |
| 2018-11-20
⋅
Palo Alto Networks Unit 42
⋅
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan Cannon |
| 2018-11-20
⋅
Palo Alto Networks Unit 42
⋅
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan APT28 |
| 2018-11-20
⋅
ESET Research
⋅
Sednit: What’s going on with Zebrocy? Zebrocy |
| 2018-11-05
⋅
Youtube (MSRC)
⋅
BlueHat v18 || First STRONTIUM UEFI Rootkit Unveiled LoJax |
| 2018-10-04
⋅
NCSC UK
⋅
Indicators of Compromise for Malware used by APT28 X-Tunnel (.NET) |
| 2018-10-04
⋅
Unknown
⋅
Russian hackers accused of targeting UN chemical weapons watchdog, MH17 files APT28 |
| 2018-10-04
⋅
Symantec
⋅
APT28: New Espionage Operations Target Military and Government Organizations LoJax Seduploader X-Agent XTunnel Zebrocy APT28 |
| 2018-10-04
⋅
NCSC UK
⋅
Indicators of Compromise for Malware used by APT28 X-Agent |
| 2018-10-04
⋅
Symantec
⋅
APT28: New Espionage Operations Target Military and Government Organizations XTunnel |
| 2018-09-27
⋅
Bleeping Computer
⋅
APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild APT28 |
| 2018-09-27
⋅
ESET Research
⋅
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group APT28 |
| 2018-09-01
⋅
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group LoJax |
| 2018-08-26
⋅
SecJuice
⋅
Remember Fancy Bear? OLDBAIT |
| 2018-08-21
⋅
Bleeping Computer
⋅
Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections APT28 |
| 2018-08-21
⋅
BBC
⋅
Microsoft claims win over 'Russian political hackers' APT28 |
| 2018-08-20
⋅
Microsoft
⋅
We are taking new steps against broadening threats to democracy APT28 |
| 2018-06-06
⋅
Palo Alto Networks Unit 42
⋅
Sofacy Group’s Parallel Attacks Koadic Zebrocy |
| 2018-05-23
⋅
Department of Justice
⋅
Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices VPNFilter APT28 |
| 2018-05-15
⋅
Reuters
⋅
Swedish sports body says anti-doping unit hit by hacking attack APT28 |
| 2018-05-08
⋅
AP News
⋅
Russian hackers posed as IS to threaten military wives APT28 |
| 2018-05-01
⋅
NetScout
⋅
Lojack Becomes a Double-Agent Computrace |
| 2018-04-24
⋅
ESET Research
⋅
Sednit update: Analysis of Zebrocy Zebrocy Zebrocy (AutoIT) |
| 2018-02-28
⋅
Palo Alto Networks Unit 42
⋅
Sofacy Attacks Multiple Government Entities APT28 |
| 2018-02-20
⋅
Kaspersky Labs
⋅
A Slice of 2017 Sofacy Activity X-Agent Seduploader X-Agent Zebrocy Zebrocy (AutoIT) APT28 |
| 2018-01-10
⋅
Wired
⋅
Hack Brief: Russian Hackers Release Apparent IOC Emails in Wake of Olympic Ban APT28 |
| 2018-01-01
⋅
Accenture Security
⋅
SNAKEMACKEREL - A BREXIT-themed lure document that delivers ZEKAPAB malware APT28 |
| 2017-12-21
⋅
ESET Research
⋅
Sednit update: How Fancy Bear Spent the Year Seduploader X-Agent |
| 2017-10-22
⋅
Cisco
⋅
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict Seduploader |
| 2017-10-19
⋅
Proofpoint
⋅
APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed Seduploader |
| 2017-08-13
⋅
Analysis of APT28 hospitality malware (Part 2) Seduploader |
| 2017-08-11
⋅
FireEye
⋅
APT28 Targets Hospitality Sector, Presents Threat to Travelers Seduploader |
| 2017-05-09
⋅
ESET Research
⋅
Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy Seduploader |
| 2017-04-26
⋅
Handelsblatt
⋅
Russia-linked Hackers Target German Political Foundations APT28 |
| 2017-04-03
⋅
VOA
⋅
IAAF Says It Has Been Hacked, Athlete Medical Info Accessed APT28 |
| 2017-03-23
⋅
Twitter (PhysicalDrive0)
⋅
Tweet on XAgent for macOS X-Agent |
| 2017-03-02
⋅
Laboratory of Cryptography and System Security
⋅
Update on the Fancy Bear Android malware (poprd30.apk) X-Agent |
| 2017-02-21
⋅
Bitdefender
⋅
Dissecting the APT28 Mac OS X Payload X-Agent |
| 2017-02-20
⋅
Contagio Dump
⋅
Part I. Russian APT - APT28 collection of samples including OSX XAgent X-Agent Komplex Coreshell Downdelph HideDRV SEADADDY Sedreco Seduploader X-Agent XTunnel |
| 2017-02-14
⋅
Palo Alto Networks Unit 42
⋅
XAgentOSX: Sofacy’s XAgent macOS Tool X-Agent |
| 2017-02-04
⋅
⋅
de Volkskrant
⋅
Russen faalden bij hackpogingen ambtenaren op Nederlandse ministeries APT28 |
| 2017-01-10
⋅
FireEye
⋅
APT28: At The Center Of The Storm Coreshell OLDBAIT Sedreco Seduploader X-Agent |
| 2017-01-03
⋅
CrySyS Lab
⋅
Technical details on the Fancy Bear Android malware (poprd30.apk) X-Agent |
| 2017-01-01
⋅
Objective-See
⋅
Mac Malware of 2016 KeRanger Keydnap Komplex Laoshu MacInstaller MacVX Mokes WireLurker XSLCmd |
| 2016-12-15
⋅
Palo Alto Networks Unit 42
⋅
Let It Ride: The Sofacy Group’s DealersChoice Attacks Continue APT28 |
| 2016-10-20
⋅
ESET Research
⋅
En Route with Sednit Part 2: Observing the Comings and Goings X-Agent Sedreco X-Agent XTunnel |
| 2016-10-17
⋅
Palo Alto Networks Unit 42
⋅
‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform APT28 |
| 2016-10-10
⋅
BBC
⋅
How France's TV5 was almost destroyed by 'Russian hackers' APT28 |
| 2016-09-27
⋅
Malwarebytes
⋅
Komplex Mac backdoor answers old questions Komplex |
| 2016-09-26
⋅
Palo Alto Networks Unit 42
⋅
Sofacy’s ‘Komplex’ OS X Trojan Komplex |
| 2016-09-26
⋅
Palo Alto Networks Unit 42
⋅
Sofacy’s ‘Komplex’ OS X Trojan APT28 |
| 2016-09-20
⋅
Deutsche Welle
⋅
Hackers lurking, parliamentarians told APT28 |
| 2016-09-11
⋅
ESET Research
⋅
En Route with Sednit - Part 3: A Mysterious Downloader Downdelph |
| 2016-08-23
⋅
International Business Times
⋅
Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say APT28 |
| 2016-08-01
⋅
ESET Research
⋅
En Route with Sednit - Part 1: Approaching the Target Komplex Seduploader |
| 2016-06-15
⋅
CrowdStrike
⋅
Bears in the Midst: Intrusion into the Democratic National Committee X-Agent ATI-Agent SEADADDY Seduploader X-Agent XTunnel APT28 |
| 2016-06-14
⋅
Palo Alto Networks Unit 42
⋅
New Sofacy Attacks Against US Government Agency APT28 |
| 2016-06-14
⋅
Palo Alto Networks Unit 42
⋅
New Sofacy Attacks Against US Government Agency Seduploader APT28 |
| 2016-02-12
⋅
Palo Alto Networks Unit 42
⋅
A Look Into Fysbis: Sofacy’s Linux Backdoor X-Agent |
| 2016-02-12
⋅
Palo Alto Networks Unit 42
⋅
A Look Into Fysbis: Sofacy’s Linux Backdoor X-Agent |
| 2016-01-01
⋅
FireEye
⋅
MATRYOSHKA MINING APT28 |
| 2015-12-17
⋅
Bitdefender
⋅
APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information X-Agent XP PrivEsc (CVE-2014-4076) |
| 2015-12-04
⋅
Kaspersky Labs
⋅
Sofacy APT hits high profile targets with updated toolset Sedreco |
| 2015-12-04
⋅
Kaspersky Labs
⋅
Sofacy APT hits high profile targets with updated toolset Coreshell Sedreco Seduploader X-Agent APT28 |
| 2015-11-20
⋅
Microsoft
⋅
Microsoft Security Intelligence Report Volume 19 XTunnel |
| 2015-10-22
⋅
Trend Micro
⋅
Pawn Storm Targets MH17 Investigation Team APT28 |
| 2015-10-13
⋅
Trend Micro
⋅
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries Seduploader |
| 2015-10-13
⋅
Trend Micro
⋅
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries APT28 |
| 2015-09-01
⋅
Wikipedia
⋅
Fancy Bear APT28 |
| 2015-09-01
⋅
Wikipedia
⋅
Fancy Bear APT28 |
| 2015-08-27
⋅
Electronic Frontier Foundation
⋅
New Spear Phishing Campaign Pretends to be EFF APT28 |
| 2015-08-01
⋅
root9b
⋅
TECHNICAL FOLLOW UP - APT28 XTunnel |
| 2015-06-19
⋅
Netzpolitik.org
⋅
Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag XTunnel APT28 |
| 2015-06-19
⋅
London South East
⋅
Russian Hackers Suspected In Cyberattack On German Parliament APT28 |
| 2015-04-18
⋅
FireEye
⋅
Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack APT28 |
| 2015-02-04
⋅
Trend Micro
⋅
Pawn Storm Update: iOS Espionage App Found X-Agent |
| 2014-11-10
⋅
Blaze's Security Blog
⋅
Thoughts on Absolute Computrace Computrace |
| 2014-10-27
⋅
Trend Micro
⋅
Operation Pawn Storm: Using Decoys to Evade Detection Sedreco Seduploader APT28 |
| 2014-09-05
⋅
Google
⋅
Peering Into the Aquarium: Analysis of a Sophisticated Multi-Stage Malware Family X-Agent |
| 2014-08-11
⋅
⋅
mht, MS12-27 and * malware * .info Coreshell |
| 2014-01-01
⋅
FireEye
⋅
APT28 Coreshell Sedreco X-Agent |
| 2014-01-01
⋅
FireEye
⋅
APT28: A Windows into Russia's Cyber Espionage Operations? OLDBAIT |
| 2012-12-15
⋅
Malware Reversing Blog
⋅
Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1) Coreshell |
| 2012-12-15
⋅
Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2) Sedreco |
| 2010-05-31
⋅
Trend Micro
⋅
SASFIS Malware Uses a New Trick APT28 |