Sofacy Recycles Carberp and Metasploit Code
The Sofacy Group (also known as Pawn Storm or APT28) is well known for deploying zero-day exploits in their APT campaigns. For example, two recent zero-days used by the Sofacy Group were exploiting vulnerabilities in Microsoft Office CVE-2015-2424 and Java CVE-2015-2590. Link: Sofacy Recycles Carberp and Metasploit Code