Kurt Baumgartner, Kaspersky

Data points over the past couple of years provide quiet hints of links between what was previously considered Sofacy, Zebrocy, and Black Energy. Now, evidence seems to suggest yet another clustering. Some of these connectors breezed through public discussion and some have not. However, when data unexpectedly overlaps between even Turla and Zebrocy, these weak connections, evaluations of motivations and targeting, and clustering itself, need to be carefully considered. Another look at the forest in the context of publicly available data, along with newer targeting and malware data, may still aid in seeing the forest while looking at the trees.