The Sofacy group has been active since 2008, targeting mostly military and government entities in NATO countries; experts believe it is a nation-state actor.
Experts estimate that Sofacy has increased its operations tenfold, targeting high-profile entities with a new set of hacking tools.
In recent months, researchers have uncovered a series of attacks relying on a new set of tools and zero-day exploits, aimed at defense-related targets with a specific focus on Ukraine.
“In the months leading up to August, the Sofacy group launched several waves of attacks relying on zero-day exploits in Microsoft Office, Oracle Sun Java, Adobe Flash Player and Windows itself. For instance, its JHUHUGIT implant was delivered through a Flash zero-day and used a Windows EoP exploit to break out of the sandbox,” states a blog post published by Kaspersky Lab.
The experts spotted a rare modification of the AZZY backdoor, used by the threat actors for reconnaissance purposes. The first versions of the AZZY backdoor were discovered in August. Once the attackers have compromised a target, they deploy additional backdoors for lateral movement.
“The attackers deploy a rare modification of the AZZY backdoor, which is used for the initial reconnaissance. Once a foothold is established, they try to upload more backdoors, USB stealers as well as other hacking tools such as “Mimikatz” for lateral movement,” continues the post.
Kurt Baumgartner, principal security researcher at Kaspersky Lab, explained that the Sofacy APT group is highly capable technically and is able to design new hacking tools tailored to each specific target.
“This quick work is a new characteristic of their work, and this stepped up urgency is something that is unusual. In general, APT intrusions can last months or longer, and in these cases, we see Sofacy acting with unusually ramped urgency,” Baumgartner said.
We will continue to follow the operations of the Sofacy APT group. Stay tuned…
(Security Affairs – Sofacy APT, cyberespionage)