QuoINT Security Researchers Identified a New Zebrocy Campaign Targeting Countries Associated With NATO - Cybers Guards

Detailed in 2018 for the first time, Zebrocy has been associated with APT28 (also known as Fancy Bear, Pawn Storm, Sednit, and Strontium), a Russia-linked state-sponsored threat actor that has been active since at least 2007. Although some security analysts see Zebrocy as a distinct adversary, others have seen similarities between different threat actors operating out of Russia, including a correlation between attacks by GreyEnergy and Zebrocy.

QuoINT's security researchers note that the newly discovered campaign, which presumably started on August 5, used the Delphi version of the Zebrocy malware and a command and control (C&C) infrastructure hosted in France. Lures used in these attacks have a NATO-related theme, a recurring motif in APT28 campaigns. The adversary used a similar theme in attacks in 2017. A particular government agency in Azerbaijan was the intended victim in the latest attack, but other NATO members or countries participating in NATO exercises may have been attacked as well.

The attackers distributed what appeared to be a JPEG file that instead turned out to be a concatenated ZIP archive, in order to evade detection. The file drops the Zebrocy executable and a corrupted Excel file, presumably in an effort to lure the intended target into executing the malware. Once executed, the malware creates a scheduled task that periodically attempts to send stolen data to a remote domain. On machines that the C&C server appears to find uninteresting, the connection is terminated by the server.

With medium-high confidence, QuoINT believes that the campaign targeted a specific government body, at least in Azerbaijan. While not a member of NATO, Azerbaijan cooperates closely with the North Atlantic organization and takes part in NATO exercises. “Furthermore, other NATO members or countries cooperating with NATO exercises were very likely targeted by the same campaign,” QuoINT says.

The security researchers also note that this APT28 attack presents remarkable parallels to last month's ReconHellcat/BlackWater attack: the compressed Zebrocy malware and the decoy in the BlackWater attack were both posted by the same user in Azerbaijan on August 5 (most probably by the same organization), the attacks happened simultaneously, and the victimology in both attacks is very similar. In addition, the researchers point out that APT28 has previously attacked both NATO and the Organization for Security and Co-operation in Europe (OSCE), and the ReconHellcat campaign used OSCE-themed lures, but that there is no “clear causal link […] or solid technical link between the two attacks.” “We assess ReconHellcat, like APT28, as a high-capability APT group,” QuoINT concludes.
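A defender-side check for the disguise described above, a file presented as a JPEG that also carries a ZIP archive. It is added here as an example and is not taken from the QuoINT report or the original article; the function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

JPEG_SOI = b"\xff\xd8\xff"      # JPEG start-of-image marker plus first segment byte
ZIP_EOCD = b"PK\x05\x06"        # ZIP end-of-central-directory signature


def inspect_image(data: bytes) -> dict:
    """Report whether bytes that look like a JPEG also parse as a ZIP archive."""
    result = {"is_jpeg": data.startswith(JPEG_SOI), "is_zip": False, "members": []}
    # ZIP readers locate the archive from the end of the file, so data placed
    # in front of it (here, a JPEG) does not stop extraction tools opening it.
    if data.rfind(ZIP_EOCD) == -1:
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            result["is_zip"] = True
            result["members"] = archive.namelist()
    except zipfile.BadZipFile:
        pass  # signature bytes occurred by chance inside image data
    return result


def is_polyglot(data: bytes) -> bool:
    """True when one file has a JPEG header and is also a readable ZIP archive."""
    info = inspect_image(data)
    return info["is_jpeg"] and info["is_zip"]


def build_samples():
    """Constructed test data: a tiny JPEG-like header and a benign ZIP."""
    jpeg = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "constructed sample member")
    return jpeg, jpeg + buf.getvalue()


if __name__ == "__main__":
    plain, combined = build_samples()
    for name, blob in (("plain.jpg", plain), ("combined.jpg", combined)):
        print(name, inspect_image(blob))
```

A mail or web gateway can apply the same test to any attachment whose extension or MIME type claims an image and list the archive members for triage.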
