Fancy Bear has been known to use software such as ADVSTORESHELL, CHOPSTICK, JHUHUGIT, and XTunnel. The group also has dedicated considerable time in developing several custom malware such as its namesake Sofacy malware and droppers such as Foozer, WinIDS, X-Agent, X-Tunnel, and DownRange.
APT28 is still highly active. The group is continuously improving its tactics and procedures to obtain sensitive information while remaining undetected. The threat group is now believed to be implementing counter-analysis techniques to obfuscate code.
Fancy Bear is widely considered to be one of the most successful cyberespionage threat actor groups active in the wild. The group ..