APT28
Also known as: Fancy Bear, UAC-0001, Sofacy, Sednit, STRONTIUM, Forest Blizzard, FROZENLAKE, ITG05, UAC-028, Pawn Storm, Iron Twilight, TA422
Tracked threats
- Operation MacroMaze: APT28 Campaign Targeting Western & Central Europe via Evolving Macro Droppers & Legitimate Infrastructure Abuse — MEDIUM
- APT28 Operation Neusploit: MS Office CVE-2026-21509 Espionage Campaign — CRITICAL
Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier).