
APT28, the long hand of Russian interests


Today, Maverits is releasing a comprehensive special report on APT28, a Russian state-sponsored cyber espionage group linked to the GRU Military Unit 26165. Known for their advanced operations targeting individuals and organizations of strategic interest to the Russian government, APT28 has played a critical role in shaping Russia’s cyber warfare strategy.


This report delves into APT28’s activities since the start of the Russian war in Ukraine in 2022, analyzing their major campaigns, shifting tactics, and evolving objectives. By examining APT28, we aim to shed light on Russia’s broader geopolitical and military goals, as reflected in the group’s operations.


Key highlights from the report


  • Main Targets. Ukraine accounts for 37% of APT28’s attacks, with Europe, Central Asia and the Caucasus also in focus. The group employs custom backdoors and stealers, leveraging legitimate internet services and living-off-the-land binaries (LOLBINs) for stealthy operations.

  • Cooperation with Cybercriminals. APT28 has partnered with non-state actors to exploit compromised network devices, turning them into global espionage platforms.

  • Zero-Day Exploits. APT28 continues to exploit zero-day vulnerabilities, with one major exploit linked to their preparation for the war in Ukraine.

  • Targeted Industries. Government entities, foreign affairs, and security sectors are primary targets, alongside international organizations and think tanks, reflecting APT28’s strategic objectives.

  • Espionage Objectives. Besides phishing campaigns, attacks on webmail servers, and the use of custom malware, their activities have expanded, suggesting an increasing emphasis on influence alongside traditional espionage.


This report was developed with the help of the Institute of Cyber Warfare Research and the Women Leadership and Strategic Initiatives Foundation, at the request and with the assistance of the National Security and Defense Council of Ukraine and the National Cybersecurity Coordination Center.


Read the full report here:



