National Cyber Warfare Foundation (NCWF)



Sofacy


2024-06-18 15:21:18
blscott

Sofacy is an alternate name for the group known as APT28.

Sofacy is an advanced persistent threat (APT) that has been active since at least 2016 and continues to be used by various groups for espionage purposes. It primarily targets government organizations, military institutions, defense contractors, energy companies, telecommunications firms, financial institutions, and other high-profile entities in Europe, North America, Africa, Asia, Latin America, the Middle East, and Oceania. Sofacy is known to have compromised over 100 organizations worldwide through a combination of spear phishing emails, watering hole attacks, and exploitation of vulnerabilities in software such as Microsoft Office or Adobe Flash Player. Multiple sources have linked the group behind Sofacy to the Russian military intelligence agency GRU, including the US Department of Justice, which indicted seven members of the organization for their involvement with this APT.

Techniques, tactics and practices:

Sofacy is a highly sophisticated threat that employs various techniques to compromise its targets. These include spear phishing emails with malicious attachments or links, watering hole attacks targeting specific websites frequented by the intended victims, and exploitation of vulnerabilities in software such as Microsoft Office or Adobe Flash Player. The group behind Sofacy is also known to use social engineering tactics such as impersonation and deception to gain access to sensitive information from its targets. Additionally, the group has been observed using malware such as X-Agent, Sysnet, and Kovter to steal data and maintain persistence on compromised systems for extended periods. Overall, Sofacy is a highly advanced threat that employs multiple techniques to achieve its objectives.







Primary Names
APT28
 



