The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. ...

Threat Actor Profile

APT28

State-sponsored threat group originating from RU. Suspected sponsor: Russian Federation. Known to target Government, Military. Uses 122 known MITRE ATT&CK techniques.

122 TTPs Mapped 2 Industries Tracked Real-Time Alerts

Actor Overview

Origin Country
RU
Suspected Sponsor
Russian Federation
Incident Types
Espionage
Known Techniques
122 TTPs

Target Industries

GovernmentMilitary

Suspected Victims

GeorgiaFranceJordanUnited StatesHungaryWorld Anti-Doping AgencyArmeniaTajikistanJapanNATOUkraineBelgiumPakistanAsia Pacific Economic CooperationInternational Association of Athletics FederationsTurkeyMongoliaOSCEUnited KingdomGermanyPolandEuropean CommissionAfghanistanKazakhstanChina

MITRE ATT&CK Techniques

T1021T1134T1134.001T1098T1098.002T1583T1583.001T1583.003T1583.006T1595T1595.002T1557T1557.004T1071T1071.001 +107 more

Related Threat Reports

Premium
APT Campaign Analysis - Q4 2025Dec 2025
New Tactics Observed in WildDec 2025
Infrastructure Mapping ReportDec 2025
Stay Updated

Get alerts when new intel on APT28 is published.

Actor Details

Primary Name
APT28
Known Aliases
Pawn Storm, FANCY BEAR, Sednit, SNAKEMACKEREL, Tsar Team, TG-4127, STRONTIUM, Swallowtail, IRON TWILIGHT, Group 74, SIG40, Grizzly Steppe, G0007, ATK5, Fighting Ursa, ITG05, Blue Athena, TA422, T-APT-12, APT-C-20, UAC-0028, FROZENLAKE, Sofacy, Forest Blizzard, BlueDelta, Fancy Bear, GruesomeLarch
Data Source
Precursor Intelligence
Need API Access?

Integrate threat actor data into your SIEM or SOAR.

View Plans →