First detailed in 2018, Zebrocy has been associated with APT28 (also known as Fancy Bear, Pawn Storm, Sednit, and Strontium), a Russia-linked state-sponsored threat actor that has been active since at least 2007. Although some security analysts regard Zebrocy as a distinct adversary, others have identified similarities between different threat actors operating out of Russia, including a correlation between attacks by GreyEnergy and Zebrocy.

QuoINT's security researchers report that the recently detected campaign, which presumably began on August 5, used the Delphi version of the Zebrocy malware and a command and control (C&C) infrastructure hosted in France. The lures used in these attacks had a NATO-related theme, a recurring motif in APT28 campaigns; the attackers employed a similar theme in attacks in 2017. A particular government agency in Azerbaijan was the intended victim of the latest attack, but other NATO members or countries involved in NATO exercises may have been targeted as well.

The attackers distributed what appeared to be a JPEG file but turned out to be a concatenated ZIP archive, built that way to evade detection. The archive contains the Zebrocy executable and a corrupted Excel file, presumably in an attempt to lure the intended target into executing the malware. Once executed, the malware creates a scheduled task that periodically attempts to send stolen data to a remote domain. On machines that the C&C server appears to find uninteresting, the server terminates the connection.

“With medium-high confidence, QuoINT concludes that the campaign targeted a specific government agency, at least in Azerbaijan. While not a member of NATO, Azerbaijan cooperates closely with North Atlantic organizations and participates in NATO exercises. Moreover, other NATO members or countries cooperating with NATO exercises were most likely targeted by the same campaign,” QuoINT says.

The security researchers also note that this APT28 attack shows notable parallels to last month's ReconHellcat / BlackWater attack: the compressed Zebrocy malware and the lure in the BlackWater attack were both uploaded by the same user in Azerbaijan on August 5 (most likely by the same organization), the attacks occurred simultaneously, and the victimology in both attacks matches. In addition, the researchers point out that APT28 has previously attacked both NATO and the Organization for Security and Co-operation in Europe (OSCE), and the ReconHellcat campaign used OSCE-themed lures, but that there is no “clear causal link […] or solid technical relation between the two attacks.” “We assess ReconHellcat, like APT28, as a high-capability APT group,” QuoINT concludes.
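A defender-side check for the delivery trick described above, a file that opens as a JPEG but also carries a concatenated ZIP archive. This is an added example, not code from QuoINT or from the original article; the function names, member names and sample bytes are constructed for illustration.

```python
import io
import zipfile

JPEG_MAGIC = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first segment byte


def inspect_jpeg_zip_polyglot(data: bytes):
    """Return ZIP details if `data` starts like a JPEG yet parses as a ZIP, else None."""
    if not data.startswith(JPEG_MAGIC):
        return None
    buf = io.BytesIO(data)
    # is_zipfile() searches the tail for the end-of-central-directory record,
    # so it still succeeds when image bytes are prepended to the archive.
    if not zipfile.is_zipfile(buf):
        return None
    members = []
    try:
        with zipfile.ZipFile(buf) as zf:
            infos = zf.infolist()
            for info in infos:
                with zf.open(info) as fh:
                    head = fh.read(2)
                # Judge members by content ("MZ" = PE/DOS header), not by extension.
                members.append({"name": info.filename,
                                "size": info.file_size,
                                "pe_header": head == b"MZ"})
            # zipfile shifts header offsets by the length of the prepended data,
            # so the smallest one is where the archive starts inside the file.
            zip_offset = min((i.header_offset for i in infos), default=None)
    except zipfile.BadZipFile:
        return None  # chance signature match inside a genuine image
    return {"zip_offset": zip_offset, "members": members}


def build_sample() -> bytes:
    """Constructed, harmless sample: 22-byte JPEG-like stub followed by a ZIP."""
    jpeg = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + bytes(9) + b"\xff\xd9"
    z = io.BytesIO()
    with zipfile.ZipFile(z, "w") as zf:
        zf.writestr("placeholder.exe", b"MZ" + bytes(62))       # only the magic bytes
        zf.writestr("placeholder.xlsx", b"not a real workbook")
    return jpeg + z.getvalue()


if __name__ == "__main__":
    print(inspect_jpeg_zip_polyglot(build_sample()))
```

A non-None result on a file received as an image is worth triage, and `pe_header` being true for any member raises the priority.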
QuoINT Security Researchers Identified a New Zebrocy Campaign Targeting Countries Associated With NATO - Cybers Guards