A closer look at the hacker group APT28, also known as Fancy Bear.

APT28 does not operate randomly. Its target selection is systematic and politically driven, aligning with russia’s active geopolitical interests.

During the 2016 U.S. presidential election, the breach of email accounts and servers belonging to U.S. political organizations became more than a hacking incident — it became an instrument of geopolitical influence. Entities such as the Democratic National Committee were compromised, and stolen materials were later weaponized in the information domain.

In this report, we provide an OSINT-based analysis of how APT28 selects its targets, how its operations correlate with russia’s foreign policy priorities, and why cyber operations increasingly function as an extension of state power.

We also examine publicly identified individuals linked through U.S. indictments to these operations — including officers of russia’s GRU, specifically Military Unit 26165.