Fancy Bear Uses LSB Steganography and Reflective Loading to Run C# Remote-Control Trojan
A new intrusion campaign attributed to APT‑C‑20 (aka Fancy Bear, APT28) demonstrates the group’s continued refinement of stealthy, fileless techniques: weapo...
Russian military intelligence (GRU) hacking group active since mid-2000s. Known for targeting NATO governments, military organizations, and political entities.
Also known as: apt28, fancy bear, sofacy, pawn storm, strontium, forest blizzard, iron twilight, sednit
A new intrusion campaign attributed to APT‑C‑20 (aka Fancy Bear, APT28) demonstrates the group’s continued refinement of stealthy, fileless techniques: weapo...
A notable operational pivot by the GRU-linked intrusion set APT28 (aka Fancy Bear, Sofacy, Forest Blizzard, Pawn Storm) that combines the MooBot botnet and c...
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
The resurgence of one of Russia’s most notorious APT groups
January 2026 saw 23 actively exploited CVEs, including APT28’s Microsoft Office zero-day and critical auth bypass flaws impacting enterprise systems.