February 21, 2018
Intel Acquisition Team

A Timeline of APT28 Activity

<p><strong>APT28</strong> (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Sednit, aka Sofacy, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known for its attacks on the Democratic National Committee (DNC) and other political targets in 2016. The group has a reputation for being organized and stealthy in their campaigns. Their choice of targets often aligns with Russian geopolitical interests.</p><p>Below is an image that summarizes publicly known APT28 activity from 2014 to present:</p><p style="text-align: center;"><img alt="" src="https://wwwlegacy.anomali.com/images/uploads/Fig_1_Anomali_APT.png" /></p><p style="text-align: center;"><em>Summary of APT28 Malicious Activity</em></p><p>Activities from APT28 have been covered by a number of information security research teams since first being reported on by Trend Micro in 2014. This corpus of information on the group is spread amongst a number of sources. The Anomali Labs team has compiled a timeline of all publicly known APT28 activities and shared it in this informative <a href="https://forum.anomali.com/t/apt28-timeline-of-malicious-activity/2019" target="_blank">post in the </a><a href="https://forum.anomali.com/t/apt28-timeline-of-malicious-activity/2019" target="_blank">Anomali</a><a href="https://forum.anomali.com/t/apt28-timeline-of-malicious-activity/2019" target="_blank"> Forum</a>.</p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.