Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT.
From their high-volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard.
In October 2017, we learned of a vulnerability in Telegram Messenger's Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service.
Update from February 5, 2018: After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code ve...