All Posts
Cyber Threat Intelligence
Malware
Research
ThreatStream
1
min read

A Timeline of APT28 Activity

Published on
February 22, 2018
Table of Contents
<p><strong>APT28</strong> (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Sednit, aka Sofacy, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known for its attacks on the Democratic National Committee (DNC) and other political targets in 2016. The group has a reputation for being organized and stealthy in their campaigns. Their choice of targets often aligns with Russian geopolitical interests.</p><p>Below is an image that summarizes publicly known APT28 activity from 2014 to present:</p><p style="text-align: center;"><img alt="" src="https://cdn.filestackcontent.com/ietdH7dbRVSf05YW6MLD"/></p><p style="text-align: center;"><em>Summary of APT28 Malicious Activity</em></p><p>Activities from APT28 have been covered by a number of information security research teams since first being reported on by Trend Micro in 2014. This corpus of information on the group is spread amongst a number of sources. The Anomali Labs team has compiled a timeline of all publicly known APT28 activities and shared it in this informative <a href="https://forum.anomali.com/t/apt28-timeline-of-malicious-activity/2019" target="_blank">post in the </a><a href="https://forum.anomali.com/t/apt28-timeline-of-malicious-activity/2019" target="_blank">Anomali</a><a href="https://forum.anomali.com/t/apt28-timeline-of-malicious-activity/2019" target="_blank"> Forum</a>.</p>

FEATURED RESOURCES

February 10, 2026
Anomali Cyber Watch

Anomali Cyber Watch: Notepad++ Attack, RAT Uses Hugging Face, Microsoft Office Flaw and more

Notepad++ Supply Chain Attack Delivers Chrysalis Backdoor. Android RAT Uses Hugging Face Platform to Host Malicious Payloads. Fancy Bear Exploits Microsoft Office Flaw in Ukraine. Nitrogen Ransomware Decryptor Fails Due to Coding Error. And more...
Read More
February 3, 2026
Anomali Cyber Watch

Anomali Cyber Watch: Stanley Malware Toolkit, ShinyHunters, Vulnerability in WhatsApp and more

Stanley Malware Toolkit Abuses Browser Extensions to Enable URL-Trusted Phishing. ShinyHunters Linked to Large-Scale Okta SSO Credential Harvesting via Voice Phishing. Silent Media Chain Vulnerability in WhatsApp Group Chats. And more...
Read More
February 5, 2026
Anomali

Anomali Earns Committed Badge from EcoVadis for Sustainability Performance

Read More
Explore All