A new report by cybersecurity firm FireEye says that the Russian group has targeted regional governments, as well as NATO and U.S. defense contractors.

FireEye released a report Oct. 28 in which it identifies a hacking group it calls Advanced Persistent Threat 28 or APT28, which is likely based in Moscow’s timezone. The group has operated since at least 2007.

“APT28’s characteristics — their targeting, malware, language and working hours — have led us to conclude that we are tracking a focused, long-standing espionage effort… sponsored by the Russian government.”

Based on the company’s analysis of the way the group’s malware is coded and the targets that it is used against, FireEye says the Russian government is behind the effort.


APT28’s targets have included government entities in Georgia, Poland and Hungary, as well as NATO, OSCE, defense contractor Blackwater and at least one Georgian journalist, among others. FireEye points out that all of the targets are of interest to the Russian government.

The malware that APT28 uses is very sophisticated, according to FireEye. Some of the programs have been developed not only to hide from detection but also to deter reverse engineering of the malware’s code.

The WSJ said that the FireEye report closely tracks a recent non-public report on the group by Google researchers, which was delivered to U.S. Homeland Security. The paper says that it has seen the Google report and that Google confirmed its authenticity and content to the WSJ.

By cir.ca.