Cyber warfare has played an increasingly significant role in geopolitical conflicts in recent years, especially since the outbreak of the Russian-Ukrainian war.

APT28 - also known as Fancy Bear, Sofacy, or STRONTIUM - linked to Russian military intelligence (GRU, Military Unit 26165) is one of the most well-known and active state-sponsored hacker groups, closely tied to Russian military and geopolitical interests for more than 20 years.

This group not only conducts classical cyber espionage but has also become a key player in modern information warfare and cyber warfare. APT28's objectives include gathering intelligence, political influence operations, and weakening adversaries' critical infrastructure.

APT28 is therefore not simply a hacker group, but a well-organized cyber warfare unit that fits into military structure, continuously evolving and serving as a key player in the war being waged in cyberspace.

In a recently published analysis1, Maverits examined the activities of this group, APT28, between 2022 and 2024. It's worth noting that the cybersecurity firm conducting the analysis is headquartered in Ukraine, maintaining close ties with Ukrainian national security and defense organizations. This geographical and operational position enabled the report to rely on the most current and in-depth information possible.

The article aims to summarize the key findings of the Maverits report and place them in a broader context, demonstrating how APT28's activities fit into Russian military-diplomatic strategy and global cyber warfare trends.

APT28's Target Countries and Geopolitical Objectives

APT28's activities have always been closely tied to Russia's geopolitical interests. However, in the past three years, the group's geographical focus of attacks has somewhat shifted as a consequence of the war that broke out in 2022. The analysis of target countries not only shows where APT28 is active, but