Russia has long been a whispered frontrunner among capable nations for performing sophisticated network operations. This perception is due in part to the Russian government’s alleged involvement in the cyber attacks accompanying its invasion of Georgia in 2008,[1] as well as the rampant speculation that Moscow was behind a major U.S. Department of Defense network compromise, also in 2008.[2] These rumored activities, combined with a dearth of hard evidence, have made Russia into something of a phantom in cyberspace. 

In this report, learn about how this group:

  • Targets insider information related to governments, militaries, and security organizations that would likely benefit the Russian government.
  • Has systematically evolved its malware using flexible and lasting platforms indicative of plans for long-term use.
  • Uses malware that is developed with Russian language settings, during working hours consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg.

[1] Markoff, John. “Before the Gunfire, Cyberattacks”. The New York Times. 12 August 2008. Web.

[2] Knowlton, Brian. “Military Computer Attack Confirmed”. The New York Times. 25 August 2010. Web.

APT28 - A Window Into Russia's Cyber Espionage Operations?


© 2017 FireEye, Inc. All rights reserved.