APT-28 Technical Analysis Report

Executive Summary

This report provides a detailed analysis of APT 28, a cyber espionage and attack group operating since 2004 and affiliated with the General Staff Main Intelligence Directorate of the Russian Armed Forces (GRU). The target scope of APT 28’s attacks varies according to Russia’s interests.

The report examines the attack techniques used by APT 28, its attack surface, and the targets of its past attacks. APT 28 is active in various countries and in sectors that serve the interests of the Russian government.

APT 28 is a cyber attack group that uses various techniques to establish persistence in target systems and, among other objectives, to obtain identity information. This report details the techniques used and their functions.

In conclusion, APT 28 poses a significant threat to both target communities and countries due to its evolving attack surface and strategies. The purpose of this report is to analyze APT 28’s activities, objectives, and the structure of its malicious software developed in .NET, in order to provide insights into necessary preventive measures.

APT-28 Technical Analysis