Download Whitepaper:
APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information
When it was initially coined, the term “Advanced Persistent Threat” was used to define an attack that, unlike regular commercial-grade malware, focuses on a particular target, its network topology and its defenses. The purpose of this type of attack is the exfiltration of sensitive data over a long period of time, or the silent crippling of the target's industrial processes.
To connect the dots between an identified attack and the state actor(s) behind it, companies like Bitdefender look for solid evidence inside the APT code or in the communication infrastructure it uses. The following report is a technical investigation of some particularities in the APT28 payload implementation that allowed us to link the threat to its operators.