We’ve updated the volunteer application form — time to apply. We have open volunteer positions — anyone can join, regardless of experience or field. OSINT, cybersecurity, analysis, or journalism — all the details are at the link. Together we do work that matters.

This analytical report examines how GRU-linked APT groups operate in cyberspace as interconnected elements of a coordinated system rather than as isolated actors. It reconstructs the operational logic behind units such as APT28 and APT44, showing how cyber operations are integrated with intelligence gathering, sabotage, and information campaigns. The analysis highlights that cyber activity is often driven by geopolitical triggers such as wars, elections, and crises, while different units perform distinct roles within a shared operational ecosystem.

6,000 defense-industrial complex enterprises of the russian federation are now available on an interactive map. Lex Talionis and OsintVarta have developed a map of enterprises operating within the aggressor state. The platform includes descriptions of their activities and specific developments, information on vetted employees with enriched data, as well as structured categorization for easier navigation and analysis.

We are currently looking for: OSINT / GEOINT / Technical Intelligence Analyst Volunteer Editor Community Manager AI / Automation / Full-Stack Engineer Our work focuses on open-source investigations, analytical reporting, community coordination, and building technical tools that support evidence-based research. All roles are remote with flexible engagement. If you are interested in applying your analytical, editorial, community, or technical skills to meaningful investigative work, we invite you to join our team.

A closer look at the hacker group APT28, also known as Fancy Bear. APT28 does not operate randomly. Its target selection is systematic and politically driven, aligning with russia’s active geopolitical interests. During the 2016 U.S. presidential election, the breach of email accounts and servers belonging to U.S. political organizations became more than a hacking incident — it became an instrument of geopolitical influence.

In 2017, the NotPetya cyberattack caused more than $10 billion in global economic damage, disrupting ports, manufacturing operations, and logistics networks worldwide. According to official statements from the U.S. and U.K. governments, the attack was attributed to units of russia’s military intelligence agency (GRU) — specifically the group known as Sandworm (also referred to as APT44).

OSINT Copilot is an intelligence automated solution to quickly collect and organize open-source information in one place. Instantly structured data instead of spending time manually assembling information. The Service utilizes AI and LLMs to generate reports, summaries, and risk assessments. OSINT Copilot can help you: • Collect information from multiple open sources

Good news for Matrix users: we’ve launched an open news channel! We’ll be sharing updates, analytical notes, and announcements — directly on Matrix. Join here

The Aggregator tool has been updated with one new data source: LeakCheck. LeakCheck is a breach-search service that helps identify exposed credentials and related leak artifacts by searching across large leak datasets (e.g., email/username and other supported query types), with options for API-based integration, monitoring, and bulk checks.

We’ve refreshed our Donation Hub to make supporting SHUM OSINT simpler and faster. The page is now a single place where you can choose the method that fits you best and complete a donation in a couple of clicks. What’s new: Monobank jar / card payment — quick top-ups with an option to pay by card.