Sofacy Group

Threat Actor updated a month ago (2024-09-05T13:17:44.275Z)
Download STIX
Preview STIX
The Sofacy Group, also known as APT28, Fancy Bear, Pawn Storm, Sednit, BlueDelta, and STRONTIUM, is a well-established threat actor that has been active since at least 2007. This group, which could be an individual, a private company, or part of a government entity, has targeted governments, militaries, and security organizations worldwide. Their activities have been marked by the use of sophisticated tools and techniques, including the creation and deployment of various Trojans and backdoors for cyber espionage purposes. Among the tools developed by the Sofacy Group is Komplex, a Trojan designed to compromise OS X devices. They have also introduced Cannon, a new Trojan with a novel email-based C2 communication channel, which had not been previously observed in their operations. The group has shown its adaptability and innovation by continuously enhancing its toolset to carry out attack campaigns across multiple platforms. In addition to these developments, the Sofacy Group has deployed a new set of data-theft modules against victims, including the AZZY backdoors with side-DLL for Command & Control (C&C). Notably, the group seems to persistently use the same hosting services to host their infrastructure, despite no direct overlap in IP addresses. As the Sofacy Group continues to bolster its toolset and refine its tactics, it remains a significant threat to global cybersecurity.
Description last updated: 2024-09-05T13:16:00.678Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
APT28 is a possible alias for Sofacy Group. APT28, also known as Fancy Bear, Forest Blizzard, Unit 26165 of the Russian Main Intelligence Directorate, and various other names, is a threat actor believed to be linked to Russia's GRU. This group has been active since at least 2007 and has targeted governments, militaries, and security organizat
4
Sednit is a possible alias for Sofacy Group. Sednit, also known as APT28, Fancy Bear, Pawn Storm, Sofacy Group, BlueDelta, and Strontium, is a threat actor associated with Russia's military intelligence. The group has been active since at least 2007, primarily targeting governments, militaries, and security organizations worldwide. Notably, Se
2
Pawn Storm is a possible alias for Sofacy Group. Pawn Storm, also known as APT28, Fancy Bear, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor that has been active since at least 2007. This group is notorious for targeting governments, militaries, and security organizations worldwide. The cybersecurity industry identifies Pawn Sto
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Sofacy Group Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
a month ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
10 months ago
Securityaffairs
10 months ago
Securityaffairs
a year ago
MITRE
2 years ago
MITRE
2 years ago
Securityaffairs
a year ago
DARKReading
a year ago
MITRE
2 years ago
MITRE
2 years ago
Securityaffairs
a year ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
Securityaffairs
a year ago
MITRE
2 years ago