However, as we looked into the 5.149.249[.]172 IP address within the FBI Flash Bulletin, we uncovered a spearphishing campaign targeting Turkey’s ruling Justice and Development (AK) Party, Ukrainian Parliament, and German Freedom Party figures from March – August 2016 that fits a known Russian targeting focus and modus operandi. As we explored malicious activity in the IP ranges around 5.149.249[.]172 we found additional linkages back to activity that could be evidence of Russian advanced persistent threat (APT) activity. This connection around the 5.149.249[.]172 activity is more suggestive of state-backed rather than criminally motivated activity, although we are unable to assess which actor or group might be behind the attacks based on the current evidence.