APT28 targeted 'top European political figures'

Bitdefender has jumped on the bandwagon of cyber-security companies saying Russians are behind the APT28 hacker group, also known as Sofacy.

According to a Bitdefender report, the security firm has discovered that the group was targeting hand-picked victims, such as “top European political figures and state agencies” in what it calls a massive intelligence-gathering operation.

It released its findings in a new report entitled ‘APT28 Under the Scope – A Journey into Exfiltrating Intelligence and Government Information’, where it demonstrates evidence that Sofacy, which has been operating covertly in Europe since 2007, has been used to harvest intelligence on issues of importance to Russia.

Bitdefender says that APT28’s activity was at its highest during international events such as peace talks between Moscow-backed rebels and government forces in Ukraine and during the extensive media coverage of the Russian ‘smart plane’ PAK FA T-50 Fighter.

‘APT28 Under the Scope’ delves into APT28’s three distinct attack vectors, its exhaustive methods of probing to find new victims and its targeting of top political figures, government institutions, telecommunication and e-crime services, as well as aerospace companies from Germany, Ukraine and Romania.

“While the term Advanced Persistent Threat first became popular after the discovery of Stuxnet in an Iranian nuclear processing facility more than five years ago, some other threat actors, such as the operators of APT28, have managed to covertly gather intelligence for almost a decade,” states Viorel Canja, Head of Antimalware and Antispam Labs at Bitdefender. “Our investigation focused on the APT28 infrastructure and operation particularities, which allowed us to link the threat with its operators and offer a glimpse of how one Advanced Persistent Threat works and who it targets.”