APT28 is a notorious cyber espionage group that has been active since at least 2007. It has been known to target governments, military organizations, and other high-value targets in various countries using its signature techniques. The group has been linked to several high-profile cyberattacks, including the alleged 2016 US presidential election hack and the 2017 NotPetya malware attack.
One of the most notable campaigns associated with APT28 is the 2016 hack of the Democratic National Committee (DNC) in the United States. The attack resulted in the theft of sensitive emails and other information that were later leaked to the public; it was seen as an attempt to interfere with the US presidential election and was widely condemned. More recently, CISA said it discovered the Russian hacking group had infiltrated a satellite communications provider with critical infrastructure customers.
APT28 is considered to be a highly sophisticated and well-funded state-sponsored group backed by the Russian government. The group has been the subject of several high-profile reports and warnings from cybersecurity companies and government agencies, including the US Department of Homeland Security. It targets governments, military organizations, media, research, and private sector companies for the purpose of gathering intelligence, stealing sensitive information, and criminal financial gain.
APT28 is known for its use of advanced malware and hacking techniques to gain access to its targets’ networks. In addition to using advanced malware and spear-phishing tactics, the group is also known for using “watering hole” attacks, where it infects websites that are known to be frequented by targets. It also uses “living-off-the-land” tactics, whereby the group utilizes legitimate tools and infrastructure already present on a victim’s network in order to move laterally and evade detection.
APT28 is known for using a variety of command and control (C2) infrastructure to communicate with its malware and to exfiltrate stolen data. This infrastructure often uses a combination of different protocols, such as HTTP and DNS, making it difficult to detect and block. One of the group’s most well-known tools is Sednit, which has been used in several APT28 campaigns. Sednit is a sophisticated piece of malware that can steal sensitive information and maintain a persistent presence on a victim’s network.
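The point above, that C2 traffic blended into ordinary HTTP and DNS is hard to pick out, is where a defender's detection logic usually starts. The following is an added example, not code from the original article or from Ntirety, and it is not drawn from any APT28 report: a heuristic that groups resolver queries by client and registered domain and flags groups whose leftmost labels are numerous, unique, and either long or high-entropy, which is the shape encoded data takes when it is tunnelled through DNS. The log format, the sample log lines, the domain names, and the thresholds are all constructed for the demonstration.

```python
"""Heuristic detection of DNS-based command-and-control traffic.

Added example for this article; not code from the original page or from
Ntirety. The log format, sample lines, and domain names are constructed for
the demonstration and do not reproduce any real indicator.
"""
import math
from collections import Counter, defaultdict

# Constructed resolver query log, one query per line: "<client> <qtype> <qname>".
# One client issues a burst of TXT queries whose leftmost label changes every time
# and looks like encoded data; the rest is ordinary browsing and mail traffic.
SAMPLE_DNS_LOG = """\
10.0.0.12 A www.example.com
10.0.0.12 A cdn.example.com
10.0.0.12 TXT 6a7f3b9c2e1d4f8a9b0c1d2e3f4a5b6c.updates.example-c2.test
10.0.0.12 TXT 0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a.updates.example-c2.test
10.0.0.12 TXT f1e2d3c4b5a6978877665544332211aa.updates.example-c2.test
10.0.0.12 TXT 9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f.updates.example-c2.test
10.0.0.12 TXT aa11bb22cc33dd44ee55ff6677889900.updates.example-c2.test
10.0.0.12 TXT 1234abcd5678ef901234abcd5678ef90.updates.example-c2.test
10.0.0.37 A mail.example.com
10.0.0.37 AAAA www.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_qname(qname: str):
    """Return (leftmost_label, registered_domain).

    The last two labels stand in for the registered domain. That is a
    simplification; production code would consult the public suffix list.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[-2:])


def detect_dns_c2(log_text, min_queries=5, min_unique_ratio=0.8,
                  min_label_len=20, min_entropy=3.5):
    """Flag (client, domain) pairs whose query pattern resembles DNS tunnelling.

    A pair is flagged when the client sent at least `min_queries` queries to the
    domain, nearly every leftmost label was unique, and those labels are on
    average either long or high-entropy. Thresholds are constructed starting
    points and must be tuned against a site's own baseline.
    """
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed or blank lines
        client, _qtype, qname = parts
        leftmost, domain = split_qname(qname)
        groups[(client, domain)].append(leftmost)

    flagged = {}
    for key, labels in groups.items():
        if len(labels) < min_queries:
            continue
        unique_ratio = len(set(labels)) / len(labels)
        mean_len = sum(len(l) for l in labels) / len(labels)
        mean_ent = sum(shannon_entropy(l) for l in labels) / len(labels)
        if unique_ratio >= min_unique_ratio and (
                mean_len >= min_label_len or mean_ent >= min_entropy):
            flagged[key] = {
                "queries": len(labels),
                "unique_ratio": round(unique_ratio, 2),
                "mean_label_len": round(mean_len, 1),
                "mean_entropy": round(mean_ent, 2),
            }
    return flagged


if __name__ == "__main__":
    for (client, domain), stats in detect_dns_c2(SAMPLE_DNS_LOG).items():
        print(f"{client} -> {domain}: {stats}")
```

The same grouping idea carries over to HTTP proxy logs (beaconing at fixed intervals to one host, or URIs whose path segments change on every request), which is why the article's observation that mixed-protocol C2 is hard to block does not mean it is hard to notice: the per-client, per-destination statistics stand out even when each individual request looks legitimate.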
The group also uses spear-phishing campaigns to target specific individuals and gain access to their networks. These campaigns often use social engineering tactics, such as sending emails that appear to be from a trusted source, to trick victims into clicking on malicious links or attachments.
Organizations can protect themselves against APT28 and other advanced threat actors by implementing strong cybersecurity measures. These include:
APT28 is one of the most serious threats in existence today, and it’s important for organizations and individuals to be aware of its tactics in order to better protect themselves from attacks.
This article was originally published in Forbes. Please follow me on LinkedIn.