top of page

Threat Actor Profile - APT28

Threat Actor: APT28 AKA "Fancy Bear"

Date of Activity: ~2007-Present

Overview: APT28, also known as Fancy Bear, is a Russian state-sponsored hacking group that has been active since at least 2007. The group is known for targeting governments, military organizations, and businesses in various countries, including the United States and Europe.

APT28 is believed to be responsible for several high-profile cyber attacks, including the breach of the Democratic National Committee during the 2016 U.S. presidential election. The group has also been linked to attacks on the German parliament and the French television network TV5Monde.

APT28 is thought to operate as part of the Russian military intelligence agency, the GRU. The group is known for using sophisticated tools and techniques to compromise their targets, such as spear phishing and zero-day exploits. They are also known for using custom-built malware, such as the Sofacy and X-Agent malware families.

Despite being one of the most active and dangerous hacking groups in the world, little is known about the members of APT28. It is believed that the group consists of a small team of highly skilled hackers, who are well-funded and well-supported by the Russian government.

APT28 is a serious threat to governments, businesses, and individuals around the world. The group continues to use sophisticated TTPs to collect data on targets globally.


  • Nation-state tool set; to include exploits, implants, and RATs

  • Sophisticated Social engineering

  • Supply-chain interdiction and attacks

  • Implementing Human based access

  • Implementing encrypted communications and co-opted infrastructure

  • Long term access to networks with deep access

  • Highly customizable toolkit tailored for specific operations

bottom of page