APT28

APT28 Description

APT28 (APT stands for Advanced Persistent Threat) is a hacking group that originates from Russia. Its activity dates as far back as the mid-2000s. Malware researchers believe that the APT28 group's campaigns are funded by the Kremlin, as they usually target foreign political actors. The APT28 hacking group is best known as Fancy Bear, but it is also recognized under various other aliases: Sofacy Group, STRONTIUM, Sednit, Pawn Storm and Tsar Team.

The Infamous Hacking Campaigns Carried Out by Fancy Bear

Experts believe that Fancy Bear had a hand in the 2016 Democratic National Committee hack, which some believe had some influence on the outcome of the presidential election held that year. In the same year, the Fancy Bear group also targeted the World Anti-Doping Agency because of the scandal involving Russian athletes. The data that Fancy Bear obtained was then published and made publicly available. It revealed that some of the athletes who tested positive for doping were later exempted. The report of the World Anti-Doping Agency stated that the illicit substances were meant for 'therapeutic use.'

From 2014 to 2017, the Fancy Bear group was involved in various campaigns targeting media personalities in the United States, Russia, Ukraine, the Baltic States and Moldova. Fancy Bear went after individuals working in media corporations, as well as independent journalists. All the targets were involved in reporting on the Russia-Ukraine conflict in Eastern Ukraine.

In 2016 and 2017, Germany and France held major elections, and it is likely that the Fancy Bear group was involved in these as well. Officials from both countries reported that a campaign using spear-phishing emails as infection vectors took place, but they stated that the hacking attack had no consequences.

Fancy Bear’s Tools

To evade the prying eyes of cybersecurity researchers, the Fancy Bear hacking group regularly alters its C&C (Command and Control) infrastructure. The group has an impressive arsenal of privately built hacking tools: X-Agent, Xtunnel, Sofacy, JHUHUGIT, DownRange and CHOPSTICK. Often, instead of direct propagation, Fancy Bear prefers to host its malware on third-party websites, which it builds to imitate legitimate pages and trick its victims.

Fancy Bear is one of the most notorious hacking groups, and there are no indications that it will halt its campaigns any time soon. The Russian government is known to use the services of hacking groups, and Fancy Bear is one of the highest-tier hacking groups out there.
