to deploy exploit kits , the spreading of malware , compromising web-facing servers and creating fake internet addresses . Some of the tactics are straightforward , but work . In one hypothetical case , a hacker would craftAttack.Phishingan exploit document with `` enticing lure content '' and sendAttack.Phishingit to a carefully chosen victim . Once the document is opened , malware is automatically installed by exploiting a vulnerability in computer software . According to FireEye , APT28 has exploitedVulnerability-related.DiscoverVulnerabilitya number of known security flaws in the past including previously undiscovered `` zero day '' vulnerabilities in Adobe Flash Player , Java , and Windows . The hackers then contactAttack.Phishingtargets saying they need to reset passwords , lead the victim to a malicious login page and hijack passwords . `` APT28 employs a suite of malware with features indicative of the group 's plans for continued operations , as well as the group 's access to resources and skilled developers , '' the report states . After information is stolenAttack.Databreach, FireEye explains , the hacking group will often leak it to `` further political narratives '' . These reportedly include the conflict in Syria , Nato , the European Union refugee crisis and the 2016 Olympics and Paralympics athlete doping scandal . In agreement with the US government , the security firm believes the hacking group conducts its operations `` in support of Russian strategic interests '' and is made up of a `` sophisticated and prolific set of developers and operators '' . This is denied by Russian president , Vladimir Putin . `` The recent activity in the US is but one of many instances of Russian government influence operations conducted in support of strategic political objectives , and it will not be the last , '' the report states . `` As the 2017 elections in Europe approach - most notably in Germany , France , and the Netherlands – we are already seeing the makings of similarly concerted efforts . '' The research paper adds another layer to the already-impressive body of work released by organisations including ThreatConnect , Crowdstrike , SecureWorks and Fidelis Cybersecurity . The firms , while less open to attributing with utmost certainty , continue to link APT28 with Putin 's state . `` We stand by our research that the attack data we were given to analyse mirrors previous attacks of APT28 , '' John Bambenek , threat intelligence manager at Fidelis told IBTimes UK . `` The malware and the tactics we can speak with expertise on . What we can not answer is what the intent of those actors were and at whose direction they were acting , as we do not have direct intelligence on those subjects nor are we in a position to get them . '' Tom Finney , a counter threat researcher from SecureWorks , said : `` We 've been able to link this activity to Russia because of the wider targeting seen in this campaign . `` The majority of the activity appears to focus on Russia 's military involvement in eastern Ukraine ; for example , the email address targeted by the most phishing attemptsAttack.Phishing( nine ) was linked to a spokesperson for the Ukrainian prime minister . `` Other targets included individuals in political , military , and diplomatic positions in former Soviet states , as well as journalists , human rights organisations and regional advocacy groups in Russia .