Skip to main content
Request a Demo

APT28 Intelligence Dashboard Immediately Available for ThreatConnect

APT28 is a Russian state-sponsored threat actor with a long history of sophisticated cyber operations targeting governments, defense contractors, and critical infrastructure sectors across the globe. According to a  CISA advisory released on May 21, 2025  this group has been exploiting known vulnerabilities in routers and other network devices to gain persistent access to sensitive environments.

APT28 is also known by aliases such as:

  • Fancy Bear
  • Forest Blizzard
  • STRONTIUM, and 
  • Sofacy

To support your organization in combating this persistent threat, ThreatConnect now offers an APT28 Threat Dashboard, purpose-built to deliver targeted insights, visibility, and response capabilities tailored to this high-profile actor.

Key Benefits:

  • Centralized Intelligence: Compiles APT28-specific indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) from open-source intelligence, threat feeds, and internal telemetry.​
  • Real-Time Threat Tracking: Offers continuous updates on APT28’s attack infrastructure, victimology trends, and newly observed techniques.​
  • Incident Response Acceleration: Facilitates rapid threat triage and response by providing enriched intelligence and contextual analysis.​
  • Customizable Reporting & Visualization: Delivers interactive charts, campaign timelines, and executive-ready reports tailored to the APT28 threat landscape.​
  • For customers interconnected to defensive technologies —  Automated Correlation: Utilizes ThreatConnect’s automation engine to correlate APT28-related IOCs with existing intelligence across adversary profiles, intrusion sets, and emerging threats, assisting in prioritization and risk mitigation.

By leveraging the APT28 Threat Dashboard, security teams can enhance their threat intelligence capabilities, reduce response times, and strengthen their organization’s resilience against ransomware attacks.

Lead Contributor – Emmet Wray , Director – Customer Success Engineering

To gain access to the APT28 Threat Dashboard, please reach out to your Customer Success team or email us at customersuccess@threatconnect.com.

Further Resources

For more detailed information and resources on VanHelsingRaaS, please refer to the following:

Resource Description Link
Cybersecurity and Infrastructure Security Agency (CISA) A U.S. federal agency under the Department of Homeland Security (DHS), it serves as the national coordinator for critical infrastructure security and resilience. CISA Article
Microsoft A global technology company headquartered in Redmond, Washington, is one of the world’s largest and most influential companies. Microsoft Article
Federal Bureau of Investigation The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners are releasing this joint Cybersecurity Advisory (CSA) to warn of Russian state-sponsored cyber actors’ use of compromised Ubiquiti EdgeRouters (EdgeRouters) to facilitate malicious cyber operations worldwide. FBI Article

 

We urge all organizations to remain vigilant and proactive in their cybersecurity efforts. By implementing these recommendations, you can significantly reduce your risk and protect your critical assets.

About the Author

Emmet Wray

Emmet Wray leads the Customer Success Engineering and Professional Services teams at ThreatConnect. He has a passion for CTI and enabling customers to find creative solutions for complex problems. Outside of the office he likes to pretend he can DIY, work out and contribute to the reverse engineering community.