Threat Actor Profile

APT28

Aliases
  • Fancy Bear
  • Forest Blizzard
  • Sofacy
  • STRONTIUM
Origin
Russia
Active Since
2004
Motivation
Espionage, Strategic intelligence collection, Influence operations
Cause
Nation State
Recent Activity

In April 2026, DOJ and FBI disrupted the U.S. portion of a SOHO-router DNS hijacking network controlled by GRU Unit 26165, also known as APT28, Fancy Bear, and Forest Blizzard.

Primary Targets
  • Democratic National Committee
  • German Parliament
  • European government and defense organizations
Target Locations
  • United States
  • Europe
  • Ukraine
Target Sectors
  • Government
  • Defense
  • Political Organizations
Vulnerabilities

Microsoft Office vulnerabilities

Windows Print Spooler vulnerabilities

How Bitsight Helps

Understanding threat actor capabilities is only half the battle—the other half is knowing whether your organization is in their crosshairs. See how Bitsight threat intelligence helps you move from observation to action.

Request threat intel demo