However, there are also major implementation differences between the Sofacy dropper and the publicly leaked Carberp code. This suggests that the Pawn Storm group has access to a more recent version of Carberp or that it continued to develop it privately.
Since 2009 several groups of cybercriminals have used Carberp and most of them were arrested by Russian authorities. The Trojan has been something of an oddity in the cybercrime world because for many years it was only used against online banking users from Russia and former Soviet Union countries.
Sign up for CIO Asia eNewsletters.