Try out the free online demo right in the browser, or purchase today on Steam!
Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT.
For the first category we have the winner of Yeah League, a.k.a. It was our largest submission in size by far and was downright pleasant to look at while exploring. We really enjoyed climbing over giant pixelated renditions of Yeah Jam Fury, based on sprites created by our very own SSF2 dev Friend Alias (a.k.a. And finally Kirbyrocket’s “Thinking Outside” stage was a mighty contender for Fury League.
Just loading the stage in the builder caused our computers to chug, so this must have taken some massive amount of patience! It showcased a funky physics exploit that slipped under the QA radar (but honestly aren’t all bugs just features?
It may have taken 500 attempts to clear some of these stages but we’ve completed them all and are excited to share our top picks! This one goes to “The Keeper of The Forest” stage by Anton G. Our fingers became basically defunct once we finally cleared it. Before closing, we also have some runners-up in each category that we think deserve honorable mention: First runner-up was Len’s stage named “YJF Printer: Yeah, Jam, and Fury”, a strong candidate for the Yeah League.
Meanwhile in early-to-mid 2017, SPLM/CHOPSTICK/XAgent detections in Central Asia provided a glimpse into ongoing focus on ex-Soviet republics in Central Asia.
These particular detections are interesting because they indicate an attempted selective second-stage deployment of a backdoor maintaining file stealer, keylogger, and remote shell functionality to a system of interest.
In a similar vein with past Cyber Berkut activity, attackers hid behind anonymous activist groups like “anonpoland”, and data from victimized organizations were similarly leaked and “weaponized”.
This write-up surveys notable points from Sofacy's activity over the past year, 2017, including their targeting, technology, and notes on their infrastructure.