Fancy Bear has been known to use software such as ADVSTORESHELL, CHOPSTICK, JHUHUGIT, and XTunnel. The group has also devoted considerable time to developing custom malware, including its namesake Sofacy malware and droppers such as Foozer, WinIDS, X-Agent, X-Tunnel, and DownRange.
APT28 remains highly active. The group continuously refines its tactics and procedures to obtain sensitive information while remaining undetected, and it is now believed to be employing counter-analysis techniques to obfuscate its code.
Fancy Bear is widely considered to be one of the most successful cyberespionage threat actor groups active in the wild. The group is known for its targeted and persistent attacks, some of which last for weeks or even months. The group’s sophisticated and constantly evolving attacks indicate that it is well funded and is likely to continue expanding attacks in the future.