APT28 aka Sofacy or Fancy Bear has recently resurfaced with its Lojax rootkit, as reported by a Twitter handle called blackorbird as well as many others. A variant of the malware is being used in ongoing attacks, hitting targets in the Central Asian nations, as well as diplomatic and foreign affairs organizations.
A few sources including the Kaspersky Lab believe that the malware resembles XTunnel, a tool APT28 used to breach the DNC in 2016. Indicators of Compromise have been retrieved for this APT group and are reported below.
APT28 has targeted governments in Europe and Latin America and is believed to have ties with the Russian government.
Indicators of Compromise
Malware Hash (MD5/SHA1/SH256)
Block the threat indicators at their respective controls.