APT Profile – APT 28

Exploiting Democratic Vulnerabilities in Cyberspace

About APT28

APT28 is a state-integrated hacking group. Based on reports about the group’s alleged political affiliations and several indictments against GRU agents, which claim to identify APT28 members, the group is considered a de facto agent of the Russian state, more specifically of its military intelligence branch (GRU). Furthermore, its extensive operations against defence ministries, NATO installations, and the defence sector closely reflect the strategic and geopolitical interests of the Russian government. With respect to this alignment of interests, CrowdStrike concluded that data stolen during intrusions by APT28 has been leaked in support of Russian state information operation efforts (see entries on incident type and landmark incidents below). Researchers from Trend Micro assessed that, in earlier stages, APT28 repeatedly carried out operations against Russian citizens who fit regime characterizations of dissidents. Targeting of such dissidents more typically fits the patterns of Russia’s domestic security services.

Associated APT designations

Country of origin

Period of activity

