- The cyberespionage group has developed a new variant using the Go language.
- Sofacy was spotted delivering the Go variant of the Zebrocy tool via an LNK shortcut and a Dear Joohn delivery document.

The Russian cyberespionage group Sofacy, also known as APT28, Fancy Bear, Pawn Storm, Sednit and Strontium, has developed a new variant of the Zebrocy malware written in the Go language.
In the past, Zebrocy variants have been developed in AutoIt, Delphi, VB.NET, C#, and Visual C++. Researchers believe that the Fancy Bear hacker group writes its malware in multiple languages so that the variants differ structurally and visually and are more difficult to detect.