FireEye recently released another Advanced Persistent Threat report, this time examining a Russian group of attackers named APT28. The report, titled “APT28: A Window Into Russia’s Cyber Espionage Operations”, provides evidence of “long-standing, focused operations that indicate a government sponsor.”
According to the report, the group has attacked a number of governments and organizations, including the Georgian government, Eastern European governments, NATO, and the Organization for Security and Co-operation in Europe. APT28 has been active for almost a decade, operating at least since 2007.
Unlike the China-based groups FireEye tracks, APT28 does not steal information for financial gain. Instead, the group targets “privileged information related to governments, militaries and security organizations.” The report makes it very clear that the attackers are suspected to be state sponsored.
The report also notes: “Over 96% of the malware samples we have attributed to APT28 were compiled between Monday and Friday. More than 89% were compiled between 8AM and 6PM in the UTC+4 time zone, which parallels the working hours in Moscow and St. Petersburg.”