Sofacy APT adopts new tactics and Far East targets

Researchers have published a new analysis of the Russian-speaking Sofacy APT group. It shows that the state-sponsored group is shifting its attention toward Far East targets, and that its activity overlaps with that of other groups such as the Lamberts, Turla, and Danti.
Sofacy is also known as APT28, Fancy Bear, or Sednit. We expect Sofacy to keep evolving in 2018.
The most intriguing finding is the overlap between Sofacy and the English-speaking group behind the Lamberts, also known as Longhorn.

The two groups were connected when Sofacy's SPLM backdoor (also known as Xagent or CHOPSTICK) was found on a server in China that had previously been compromised by Grey Lambert malware. SPLM is Sofacy's own tool, not a modified Lambert implant; what links the two is that both were present on the same host. How SPLM arrived there is not settled: either a PowerShell script run through the existing Grey Lambert access or a legitimate but vulnerable web application on the server was used to load and execute the SPLM code. The server appears to have had little in the way of security controls, which would explain why two unrelated actors were able to sit on it at the same time.

The SPLM samples that were analyzed show how Sofacy maintains distinct subdivisions, each responsible for one of its main tools.
The part that should concern defenders is the growing set of modules the toolset carries, such as file stealers, remote shells, and keyloggers.
Remember: any device running Windows or macOS should be protected by antivirus software for that platform, and a company should have professional security firms assess its internal network at least a couple of times per year. These assessments should always include a penetration test and other ethical-hacking exercises.

The problems do not stop there: over the past months this Russian-speaking group has concentrated on developing .NET and PowerShell malware.
Sofacy's roots go back to around 2007, and it has evolved considerably since then. Last year, for example, it targeted a range of victims with a full backdoor (SPLM/Xagent).

Attacks of this kind are only going to increase in the near term, so every company and individual should protect their devices with at least one security product such as an antivirus. Always choose software that matches your operating system: a Windows machine needs a good antivirus for Windows, and a macOS machine needs a good antivirus for Mac.
For companies, we also recommend regular security assessments such as penetration testing and other ethical-hacking exercises.