Once executed, the malware creates a scheduled task that periodically tries to send stolen data to a remote domain. Lures used in these attacks had a NATO-related theme, a recurring motif in APT28 campaigns. Although some security analysts see Zebrocy as a distinct adversary, others have observed similarities between different threat actors operating out of Russia, including a correlation between attacks by GreyEnergy and Zebrocy. A specific government agency in Azerbaijan was the intended victim in the latest attack, but other NATO members or countries participating in NATO exercises may have been attacked as well. The communication is terminated by the server on machines that the C&C server appears to find uninteresting. The adversary used a similar theme in attacks in 2017. While not a member of NATO, Azerbaijan cooperates closely with the North Atlantic organization and takes part in NATO exercises. QuoINT's security researchers say that the recently discovered campaign, which presumably began on August 5, used the Delphi version of the Zebrocy malware and command and control (C&C) infrastructure hosted in France. The archive drops the Zebrocy executable and a corrupted Excel file, presumably in an attempt to lure the intended target into executing the malware. "Furthermore, other NATO members or countries cooperating with NATO exercises were most likely hit by the same campaign," QuoINT says. In addition, the researchers point out that APT28 has previously attacked both NATO and the Organization for Security and Co-operation in Europe (OSCE) (the ReconHellcat campaign employed OSCE-themed lures), but that there is no "clear causal connection […] or strong technical relation between the two attacks."

With medium-high confidence, QuoINT believes that the operation targeted a single government agency, at least in Azerbaijan. "We assess ReconHellcat, like APT28, as a high-capability APT group," QuoINT concludes. The security researchers also note that this APT28 attack shows notable parallels to last month's ReconHellcat/BlackWater attack: the compressed Zebrocy malware and the lure in the BlackWater attack were both uploaded by the same user in Azerbaijan on August 5 (most likely by the same organization), the attacks occurred at the same time, and the victimology in both attacks is identical. First detailed in 2018, Zebrocy has been associated with APT28 (also known as Fancy Bear, Pawn Storm, Sednit, and Strontium), a Russia-linked state-sponsored threat actor that has been active since at least 2007. The attackers distributed what appeared to be a JPEG file but turned out instead to be a concatenated ZIP archive, built that way to avoid detection.