Relentless Sofacy APT Attacks Armed With Zero Days, New Backdoors

December 4, 2015

A new analysis of the Sofacy APT gang, a Russian-speaking group that has carried out targeted attacks against military and government offices for close to a decade, shows a relentless wave of intrusions that peaked this summer against victims in a number of NATO countries and Ukraine.

Researchers at Kaspersky Lab this morning released their update on Sofacy, which is also known as APT28, Fancy Bear, Sednit and a handful of other monikers. The report documents a barrage of zero-day vulnerabilities in Office, Java, Adobe products and Windows at the group’s disposal; the zero-days are being used against targets in attacks that remained active as of last month. The report also details the gang’s malware implants, its ability to adapt quickly to detection technologies, and its practice of planting several different backdoors on a compromised machine so that if one is discovered, the others remain as fallbacks.