Sofacy
-
First known sample
2008 -
Discovery
2014 -
Number of targets
1-100 -
Current status
Active -
Type
Backdoor , Trojan -
Targeted platforms
Linux , Windows , iOS -
TOP targeted countries
Belgium , France , Greece , Jordan , USA , United Arab Emirates -
Connected attacks
More about the Sofacy group, its tactics, techniques, procedures and tools
-
The way of propagation
Exploits , Social engineering -
Purpose/Functions
Cyberespionage , Data theft , Data wiping , Surveillance -
Special features
Modular structure, USB stealing implant, which allows it to copy data from air-gapped computers
-
Targets
Defense industrial base , Government entities , Military -
Artefacts/Attribution
Russian language artefacts
-
Description
Active since 2004, this group is one of the most prolific and persistent threat actors to date. They’re most well-known for their attacks against the Democratic National Committee in 2016 in an effort to interfere with the US presidential elections and have been blamed for attempting to influence the French presidential elections in 2017. Their attacks have included the use of zero day exploits, custom developed malware in a variety of languages, and even attacks against mobile platforms. This actor has attacked government agencies, media outlets, and NGOs. Aside from traditional targeting, they are also well-known for their use of false fronts to conduct disinformation campaigns.