According to the security firm FireEye, the country of Georgia and the Caucasus, Eastern European governments and militaries, and various security-related organizations, including the North Atlantic Treaty Organization (NATO), have been targets of "APT28", an alleged Russian government cyber espionage group.

FireEye says: "Since 2007, APT28 has systematically evolved its malware, using flexible and lasting platforms indicative of plans for long-term use. The coding practices evident in the group's malware suggest both a high level of skill and an interest in complicating reverse engineering efforts."

FireEye found that the malware was consistently compiled in a Russian-language build environment over the course of six years (2007 to 2013). Indicators in APT28's malware suggest that the group consists of Russian speakers operating during business hours in Russia's major cities.

APT28 uses spearphishing emails to target its victims, a common tactic in which the threat group crafts its emails around specific topics (lures) relevant to the recipients. This increases the likelihood that recipients will believe the email is legitimate and will be interested in opening the message, opening any attached files, or clicking a link in the body of the email.

FireEye: "We have evidence that APT28 made at least two attempts to compromise Eastern European government organizations."

"The longer-term maintenance of APT28 malware is interesting because it speaks to a dedicated development effort behind the scenes. It reflects the group's commitment and evolution of its various tools, and its development of the CHOPSTICK modular platform points to longer-term thinking and planning in regards to creating a flexible exploitation toolset," McWhorter said.