Fancy Bear (also known as APT28 (by Mandiant), Pawn Storm, Sofacy Group (by Kaspersky), Sednit, Tsar Team (by FireEye) and STRONTIUM (by Microsoft)) is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Fireeye's Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. The name "Fancy Bear" comes from a coding system security researcher Dmitri Alperovitch uses to identify hackers. Likely operating since the mid-2000s, Fancy Bear's methods are consistent with the capabilities of state actors. The group targets government, military, and security organizations, especially Transcaucasian and NATO-aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the Norwegian parliament, the French television station TV5Monde, the White House, NATO, the Democratic National Committee, the Organization for Security and Co-operation in Europe and the campaign of French presidential candidate Emmanuel Macron. The group promotes the political interests of the Russian government, and is known for hacking Democratic National Committee emails to attempt to influence the outcome of the United States 2016 presidential elections. Fancy Bear is classified by Fireeye as an advanced persistent threat. Among other things, it uses zero-day exploits, spear phishing and malware to compromise targets.
Fancy Bear (also known as APT28 (by Mandiant), Pawn Storm, Sofacy Group (by Kaspersky), Sednit, Tsar Team (by FireEye) and STRONTIUM (by Microsoft)) is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Fireeye's Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. The name "Fancy Bear" comes from a coding system security researcher Dmitri Alperovitch uses to identify hackers. Likely operating since the mid-2000s, Fancy Bear's methods are consistent with the capabilities of state actors. The group targets government, military, and security organizations, especially Transcaucasian and NATO-aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the Norwegian parliament, the French television station TV5Monde, the White House, NATO, the Democratic National Committee, the Organization for Security and Co-operation in Europe and the campaign of French presidential candidate Emmanuel Macron. The group promotes the political interests of the Russian government, and is known for hacking Democratic National Committee emails to attempt to influence the outcome of the United States 2016 presidential elections. Fancy Bear is classified by Fireeye as an advanced persistent threat. Among other things, it uses zero-day exploits, spear phishing and malware to compromise targets.
ReplyDelete