National Cyber Warfare Foundation (NCWF)



Swallowtail


2024-06-18 15:21:18
blscott

Swallowtail is an alternate name for the group known as APT28

Swallowtail is an advanced persistent threat (APT) that has been active since at least 2014 and targets government agencies, defense contractors, telecommunications companies, and other organizations in various countries including China, Russia, the United States, and South Korea. The group uses a variety of tactics to gain access to their targets' networks, such as spear-phishing emails or exploiting vulnerabilities in software. Once inside, they steal sensitive information, monitor systems for future attacks, and can also launch destructive cyberattacks if necessary. Swallowtail is considered one of the most sophisticated APT groups due to their ability to evade detection by security measures such as firewalls and intrusion detection systems.

Techniques, tactics and practices:

Swallowtail uses a variety of techniques to gain access to their targets' networks, such as spear-phishing emails or exploiting vulnerabilities in software. They also use stealth tactics, such as hiding malware within legitimate files and using encrypted communication channels to avoid detection by security measures like firewalls and intrusion detection systems. Additionally, they have been known to target specific individuals with personalized attacks, which can make it more difficult for organizations to detect their activities. They also use sophisticated tools such as malware that is designed to evade antivirus software and other security measures.





Primary Names
APT28
 







Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.