https://www.cyberscoop.com/sofacy-apt28-zebrocy-go-palo-alto-networks/
By Zaid Shoorbajee
CYBERSCOOP
December 18, 2018

An elite Russia-linked hacking group is creating multiple versions of one
of its go-to malicious tools in an apparent attempt to make its activity
harder to detect, according to research published Tuesday by Palo Alto
Networks.

The company's Unit42 threat intelligence team says that the hacker group
Sofacy, also known as APT28, Fancy Bear and many other names, has been
spotted using a version of the Zebrocy trojan written in the "Go"
programming language in multiple phishing campaigns. The findings add to a
list of Zebrocy variants written in different programming languages.

Researchers and Western governments have largely attributed APT28 to
Russian intelligence services.

"The use of a different programming language to create a functionally
similar Trojan is not new to this group, as past Zebrocy variants have
been developed in AutoIt, Delphi, VB.NET, C# and Visual C++," the
researchers wrote. "While we cannot be certain the impetus for this, we
believe the threat group uses multiple languages to create their Trojans
to make them differ structurally and visually to make detection more
difficult."

[...]