Sofacy

  • First known sample

    2008
  • Discovery

    2014
  • Number of targets

    1-100
  • Current status

    Active
  • Type

    Backdoor, Trojan
  • Targeted platforms

    Linux, Windows, iOS
  • Top targeted countries

    Belgium, France, Greece, Jordan, USA, United Arab Emirates
  • Connected attacks

  • The way of propagation

    Exploits, Social engineering
  • Purpose/Functions

    Cyberespionage, Data theft, Data wiping, Surveillance
  • Special features
    Modular structure; USB-stealing implant that allows it to copy data from air-gapped computers
  • Targets

    Defense industrial base, Government entities, Military
  • Artefacts/Attribution
    Russian language artefacts
  • Description

    Active since 2004, this group is one of the most prolific and persistent threat actors to date. They are best known for their attacks against the Democratic National Committee in 2016, carried out in an effort to interfere with the US presidential elections, and have been blamed for attempting to influence the French presidential elections in 2017. Their attacks have included the use of zero-day exploits, custom-developed malware in a variety of languages, and even attacks against mobile platforms. This actor has attacked government agencies, media outlets, and NGOs. Aside from traditional targeting, they are also well known for their use of false fronts to conduct disinformation campaigns.
