APT 28
Affiliations
  • Also known as Pawn Storm, Hades, Fancy Bear, Sofacy, Tsar Team, Strontium, and Sednit. Estonian and British intelligence services associate this group with Russian military intelligence (GRU). The United States believes that GRU units 26165 and 74455 form a part of this threat actor.   
This threat actor is linked to espionage campaigns, high-profile doxing efforts, and disruptive incidents that compromised targets believed to be of interest to the Russian government. Suspected to be behind the Democratic National Committee compromise, the 2015 compromise of networks of the German Bundestag, the 2015 TV5 Monde incident, the UK TV station incident, the hacking of a Ukrainian military mobile app, the compromise of the World Anti-Doping Agency, the compromise of numerous sports federations, the attempted compromise of Bellingcat, the Bad Rabbit incident, the targeting of European foreign ministries and defense agencies, the targeting of campaigns for the 2018 U.S. midterm elections, the targeting of the office of Senator Claire McCaskill, the targeting of the OPCW, and the compromise of U.S. Anti-Doping Agency, the Court of Arbitration for Sport, the Canadian Centre for Ethics in Sport, FIFA, and Westinghouse
Suspected victims
  • Georgia
  • France
  • Jordan
  • United States
  • Hungary
  • World Anti-Doping Agency
  • Armenia
  • Tajikistan
  • Japan
  • Court of Arbitration for Sport
  • NATO
  • Ukraine
  • Belgium
  • Pakistan
  • Asia Pacific Economic Cooperation
  • International Association of Athletics Federations
  • Turkey
  • Mongolia
  • Canada
  • Federation Internationale de Football Association
  • OSCE
  • United Kingdom
  • Germany
  • Poland
  • European Commission
  • Afghanistan
  • Kazakhstan
  • China
  • Organization for the Prohibition of Chemical Weapons
  • Burisma
Suspected state sponsor
  • Russian Federation
Target category
  • Government
  • Military
  • Private sector