APT Profile – APT28
Exploiting Democratic Vulnerabilities in Cyberspace
- 6 February 2023
- Zettl-Schabath, Kerstin; Gschwend, Timothy; Borrett, Camille
- EN
About APT28
APT28 is a state-integrated hacking group: based on reports about the group’s alleged political affiliations and several indictments against GRU agents, which claim to identify APT28 members, the group is considered a de facto agent of the Russian state, more specifically its military intelligence branch (GRU). Furthermore, its extensive operations against defence ministries, NATO installations, and the defence sector closely reflect the strategic and geopolitical interests of the Russian government. With respect to aligning interests, CrowdStrike concluded that data stolen during intrusions by APT28 has been leaked in support of Russian state information operation efforts (see entries on incident type and landmark incidents below). Researchers from Trend Micro assessed that, in earlier stages, APT28 repeatedly carried out operations against Russian citizens who fit regime characterizations of dissidents. Targeting of the latter more typically fits the patterns of Russia’s domestic security services.
Associated APT designations
- APT28 (FireEye/Mandiant)
- Fancy Bear (CrowdStrike)
- SOFACY (Kaspersky)
- STRONTIUM (Microsoft)
- PawnStorm (Trend Micro)
- IRON TWILIGHT (SecureWorks)
- Sednit (ESET)
- Snakemackerel (iDefense)
- Tsar Team (iSight)
- G0007 (MITRE ATT&CK)
Country of origin
Period of activity
2004-today