Their researchers state it is highly likely that APT28 is supported by the Russian government, specifically the GRU, the Russian military intelligence arm and counterpart of the FSB (the former KGB). APT28's "active measures" attempted to influence the U.S. presidential elections, and the group is currently attempting the same in France and Germany.
APT28 moves from just spying to sabotage
SecureWorks said: "The threat group has targeted non-governmental organizations (NGOs), journalists, politicians, political organizations, governments, and militaries since at least 2009. SecureWorks® Counter Threat Unit™ (CTU) researchers assess it is highly likely that IRON TWILIGHT is sponsored by the Russian government. In Spring 2015, the Russian government began tasking IRON TWILIGHT with activity beyond covert intelligence gathering. The group conducted a sabotage operation against France-based TV station TV5Monde and leaked political details in what U.S. intelligence agencies concluded was an attempt to influence the U.S. presidential election."
"Prior to 2015, IRON TWILIGHT targets were consistent with a government intelligence agency tasked with covertly gathering military intelligence. In 2015, there were reports that IRON TWILIGHT had performed credential spear phishing attacks against Russian political activists, bloggers, and politicians; had targeted U.S. journalists; and had compromised the network of the German Bundestag parliament."
Attack vectors: phishing emails and drive-by downloads at scale
Since March 2015, the group has attacked thousands of Gmail users using phishing attacks to steal credentials. IRON TWILIGHT has used spearphishing emails with malicious document attachments or links to a custom exploit kit. Its toolset includes malware for Windows, Mac OS X, and Linux-based operating systems and mobile devices. The threat actors also use targeted phishing campaigns to steal webmail credentials. As IRON TWILIGHT operates this capability at scale, automation likely accesses and exfiltrates data from compromised accounts.
IRON TWILIGHT's hacking toolkit
What to do about it
SecureWorks recommends the following excellent best practices to prevent network compromise:
If you want to spend less time putting out fires, have more time to be proactive, and get done the things you know need to be done, step your employees through effective security awareness training. It will help you prevent compromises like this, or at least make it much harder for the bad guys to social engineer your users.