APT28 is a threat actor attributed to RU, also known as G0007, Sofacy, Group-4127. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does APT28 exploit?

APT28 is known to exploit 14 CVEs. View the full list on the Strobes VI threat actor profile page.

APT28

Also known as: G0007, Sofacy, Group-4127, Sednit, UAC-0028, Grey-Cloud, BlueDelta, Fighting Ursa, FROZENLAKE, SNAKEMACKEREL, TsarTeam, Grizzly Steppe, Strontium, Forest Blizzard, TAG-110, STRONTIUM, SIG40, Group 74, TG-4127, Pawn Storm, T-APT-12, APT 29, Cozy Bear, The Dukes, together with, Tsar Team, ATK 5, IRON TWILIGHT, APT-C-20, ITG05, UAC-0001, Iron Twilight, Threat Group-4127, Snakemackerel, ATK5, TAG-0700, FANCY BEAR, GruesomeLarch, UAC-0063, TA422, Fancy Bear, APT 28, Blue Athena, Swallowtail, APT 29, Cozy Bear, The Dukes, Group 100, Yttrium, Iron Hemlock, Minidionis, CloudLook, ATK 7, ITG11, Sofacy, APT 28, Fancy Bear, Sednit, UNC2452, Dark Halo, SolarStorm, StellarParticle, SilverFish, Nobelium, Iron Ritual, Cloaked Ursa, BlueBravo, Midnight Blizzard, UNC3524, Cranefly, TEMP.Monkeys, Blue Dev 5, NobleBaron, Solar Phoenix, Earth Koshchei, G0016

RUInformation theft and espionage

Exploited CVEs

Overview

The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.

Exploited Vulnerabilities

CVE ID	Action
CVE-2023-233397	View Details
CVE-2022-38028	View Details
CVE-2015-1701	View Details
CVE-2014-7169	View Details
CVE-2014-4076	View Details
CVE-2017-0262	View Details
CVE-2017-0263	View Details
CVE-2017-0176	View Details
CVE-2016-6662	View Details
CVE-2015-2387	View Details
CVE-2022-21894	View Details
CVE-2015-4902	View Details
CVE-2013-0640	View Details
CVE-2023-38831	View Details

Quick Actions

APT28

Ready for Agentic Automated Testing?

APT28