NoName057(16) is a pro-russian hacktivist collective that has been conducting large-scale DDoS campaigns against government institutions, financial systems, transportation infrastructure, and media organizations across Europe and NATO-aligned countries since 2022. Unlike traditional APT groups, its activities are not focused on espionage or long-term persistence, but rather on disruption and the degradation of digital services.
APT29 (Cozy Bear) remains one of the most active cyber espionage groups linked to the Russian intelligence apparatus. Their approach is not built around “fast” attacks, but around long-term access, credential operations, and gradual persistence inside targeted infrastructure.
The report breaks down a typical APT29 attack chain — from OSINT collection, phishing delivery, and malicious RDP/HTML files to Azure AD compromise, persistence through service principals, and further activity within Office 365 and cloud environments.
SHUM has established a partnership with Lex Talionis and OsintVarta as part of their joint OSINT-focused initiative.
The project brings together teams working on open-source investigations, data collection, and analytical research related to the russian federation’s defence-industrial complex and associated structures. It includes structured datasets, mapping, and analysis aimed at improving transparency and enabling further investigative work.
Our Research and Development department has been running in the background for a while now — building tools and internal solutions that support our OSINT investigations and war crimes documentation efforts. As part of that, we’ve launched a GitHub organization. Access is restricted — our work touches sensitive areas, and we keep it that way intentionally.
We’ve updated the volunteer application form — time to apply.
We have open volunteer positions — anyone can join, regardless of experience or field. OSINT, cybersecurity, analysis, or journalism — all the details are at the link.
Together we do work that matters.
This analytical report examines how GRU-linked APT groups operate in cyberspace as interconnected elements of a coordinated system rather than as isolated actors.
It reconstructs the operational logic behind units such as APT28 and APT44, showing how cyber operations are integrated with intelligence gathering, sabotage, and information campaigns. The analysis highlights that cyber activity is often driven by geopolitical triggers such as wars, elections, and crises, while different units perform distinct roles within a shared operational ecosystem.
6,000 defense-industrial complex enterprises of the russian federation are now available on an interactive map.
Lex Talionis and OsintVarta have developed a map of enterprises operating within the aggressor state. The platform includes descriptions of their activities and specific developments, information on vetted employees with enriched data, as well as structured categorization for easier navigation and analysis.
We are currently looking for:
OSINT / GEOINT / Technical Intelligence Analyst
Volunteer Editor
Community Manager
AI / Automation / Full-Stack Engineer

Our work focuses on open-source investigations, analytical reporting, community coordination, and building technical tools that support evidence-based research.
All roles are remote with flexible engagement.
If you are interested in applying your analytical, editorial, community, or technical skills to meaningful investigative work, we invite you to join our team.
A closer look at the hacker group APT28, also known as Fancy Bear.
APT28 does not operate randomly. Its target selection is systematic and politically driven, aligning with russia’s active geopolitical interests.
During the 2016 U.S. presidential election, the breach of email accounts and servers belonging to U.S. political organizations became more than a hacking incident — it became an instrument of geopolitical influence.
In 2017, the NotPetya cyberattack caused more than $10 billion in global economic damage, disrupting ports, manufacturing operations, and logistics networks worldwide.
According to official statements from the U.S. and U.K. governments, the attack was attributed to units of russia’s military intelligence agency (GRU) — specifically the group known as Sandworm (also referred to as APT44).