A Timeline of APT28 Activity

February 22, 2018 | Intel Acquisition Team

APT28 (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Sednit, aka Sofacy, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known for its attacks on the Democratic National Committee (DNC) and other political targets in 2016. The group has a reputation for being organized and stealthy in their campaigns. Their choice of targets often aligns with Russian geopolitical interests.

Below is an image that summarizes publicly known APT28 activity from 2014 to present:

Summary of APT28 Malicious Activity

Activities from APT28 have been covered by a number of information security research teams since first being reported on by Trend Micro in 2014. This corpus of information on the group is spread amongst a number of sources. The Anomali Labs team has compiled a timeline of all publicly known APT28 activities and shared it in this informative post in the Anomali Forum.

Intel Acquisition Team
About the Author

Intel Acquisition Team

The Anomali Intelligence Acquisition Team is comprised of experts from all areas of the cybersecurity industry, including a variety of public and private sectors. These analysts conduct detailed research for Anomali solutions, the Anomali Weekly Threat Briefing, and breaking news events.

Get the latest threat intelligence news in your email.