APT28 Description

APT28 is an Advanced Persistent Threat (APT) hacking group that originates from Russia. Its activity dates as far back as the mid-2000s. Malware researchers believe that the group's campaigns are funded by the Kremlin, as they usually target foreign political actors. The APT28 hacking group is best known as Fancy Bear, but it is also recognized under various other aliases: Sofacy Group, STRONTIUM, Sednit, Pawn Storm and Tsar Team.

The Infamous Hacking Campaigns Carried Out by Fancy Bear

Experts believe that Fancy Bear had a hand in the 2016 Democratic National Committee hack, which some believe had some influence on the outcome of the Presidential Elections taking place the same year. During the same year, the Fancy Bear group also targeted the World Anti-Doping Agency because of the scandal involving Russian athletes. The data that Fancy Bear obtained was then published and made publicly available. The data revealed that some of the athletes who tested positive for doping were later exempted. The report of the World Anti-Doping Agency stated that the illicit substances were meant for ‘therapeutic use.’

In the period 2014 to 2017, the Fancy Bear group was involved in various campaigns targeting media personalities in the United States, Russia, Ukraine, the Baltic States and Moldova. Fancy Bear went after individuals working in media corporations, as well as independent journalists. All the targets were involved in reporting on the Russia-Ukraine conflict that took place in Eastern Ukraine.

In 2016 and 2017, Germany and France had major elections, and it is likely that the Fancy Bear group dipped its fingers in these pies too. Officials from both countries reported that a campaign using spear-phishing emails as infection vectors took place, but they stated that there were no consequences of the hacking attack.

Fancy Bear’s Tools

To evade the prying eyes of cybersecurity researchers, the Fancy Bear hacking group makes sure to alter its C&C (Command and Control) infrastructure regularly. The group has an impressive arsenal of hacking tools, which it has built privately: X-Agent, Xtunnel, Sofacy, JHUHUGIT, DownRange and CHOPSTICK. Often, instead of direct propagation, Fancy Bear prefers to host its malware on third-party websites, which it builds to imitate legitimate pages and trick its victims.

Fancy Bear is one of the most ill-famed hacking groups, and there are no indications that they will halt their campaigns any time soon. The Russian government is known to use the services of hacking groups, and Fancy Bear is one of the highest-tier hacking groups out there.
