AlienVault researchers have listed Sofacy, also known as Fancy Bear or APT28, as the most capable hacking group in the world. The ranking is based on the threat actors that have been reported most frequently on the AlienVault Open Threat Exchange (OTX) platform.
The results were then formulated to measure each group's activity (the number of times AlienVault vendors reported them) alongside a measure of their known capabilities over the past two years.
Sofacy gained notoriety in the past for targeting NATO and defence ministries, and has most recently expanded its operations by targeting multinational organisations and individuals. In second place is Lazarus, which is reported to be operating from North Korea. Although extremely active, its attacks are mainly focused on South Korea.
Three years ago, these positions could easily have been dominated by Chinese groups. However, according to OTX research, there has been a significant decrease in the number of targeted attacks on western organisations by threat actors located in China. Stone Panda, ranked at number 10, is the highest-ranked threat actor operating out of China.
Interestingly, only one threat actor among the top five has economic gain as its primary motive. The Anunak/Carbanak malware was well documented in the news, with the group behind the attack reportedly stealing over $500 million from various financial institutions. It is thought that the Anunak toolset is shared discreetly among a select few in the criminal cyber world.
This research was analysed and produced using AlienVault’s OTX platform, a sharing platform for daily cyber threats, and concludes a three-part series.
Part 1 focused on exploits tracked by OTX, with the most commonly reported being CVE-2017-0199 in Microsoft Office. Part 2 addressed malware, with MjRat variants ranking as the most frequently detected malware.