The Russian-linked cyber-espionage group Sofacy has developed a new version of their Zebrocy tool using the Go programming language, Palo Alto Networks security researchers warn. The first-stage malware was initially analyzed in April this year, and has been observed in numerous attacks in October and November. Last month, however, the researchers also observed a new Trojan being used in the group’s attacks.
Also known as APT28, Fancy Bear, Pawn Storm, Sednit and Strontium, the state-sponsored actor has been active for several years, focusing on cyber-espionage and believed to have orchestrated the attacks targeting the 2016 presidential election in the United States.
Read more about the new malware used by Sofacy on SecurityWeek.