Advanced persistent threat using AI-assisted spear phishing, deepfake content generation, and automated social media influence operations. Targets military and government networks.
APT28 has been linked to a series of increasingly sophisticated influence operations that combine real hacked material with AI-generated synthetic content to amplify the psychological impact of intelligence releases. The group's AI-assisted spear-phishing capabilities have enabled it to craft highly personalized deceptive emails at scale that defeat traditional security awareness training. NATO governments have assessed APT28 as the most persistent and capable state-sponsored advanced persistent threat targeting Western political institutions.
DNC hack 2016; targeting NATO countries 2022–present; AI-generated disinformation campaigns
APT28 threat intelligence has benefited CrowdStrike (CRWD), which first publicly attributed APT28 to the GRU. Microsoft (MSFT) also benefits through its Azure security services and the Microsoft Threat Intelligence Center.