Grizzly Steppe (when combined with Cozy Bear)

Fancy Bear (also known as APT28 (by Mandiant), Pawn Storm, Sofacy Group (by Kaspersky), Sednit, Tsar Team (by FireEye) and STRONTIUM (by Microsoft)) is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office, as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023; the rooftop of one of the buildings collapsed as a result of the explosion.

Fancy Bear is classified by FireEye as an advanced persistent threat. Among other things, it uses zero-day exploits, spear phishing and malware to compromise targets. The group promotes the political interests of the Russian government, and is known for hacking Democratic National Committee emails to attempt to influence the outcome of the United States 2016 presidential elections. The name "Fancy Bear" comes from a coding system security researcher Dmitri Alperovitch uses to identify hackers.

Likely operating since the mid-2000s, Fancy Bear's methods are consistent with the capabilities of state actors. The group targets government, military, and security organizations, especially Transcaucasian and NATO-aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the Norwegian parliament, the French television station TV5Monde, the White House, NATO, the Democratic National Committee, the Organization for Security and Co-operation in Europe and the campaign of French presidential candidate Emmanuel Macron.

Trend Micro designated the actors behind the Sofacy malware as Operation Pawn Storm on October 22, 2014. The name was due to the group's use of "two or more connected tools/tactics to attack a specific target similar to the chess strategy," known as pawn storm. Network security firm FireEye released a detailed report on Fancy Bear in October 2014. The report designated the group as "Advanced Persistent Threat 28" (APT28) and described how the hacking group used zero-day exploits of the Microsoft Windows operating system and Adobe Flash. The report found operational details indicating that the source is a "government sponsor based in Moscow". Evidence collected by FireEye suggested that Fancy Bear's malware was compiled primarily in a Russian-language build environment and that compilation occurred mainly during work hours paralleling Moscow's time zone. FireEye director of threat intelligence Laura Galante referred to the group's activities as "state espionage" and said that targets also include "media or influencers."

The name "Fancy Bear" derives from the coding system that Dmitri Alperovitch's company CrowdStrike uses for hacker groups. "Bear" indicates that the hackers are from Russia. "Fancy" refers to "Sofacy", a word in the malware that reminded the analyst who found it of Iggy Azalea's song "Fancy".

Attacks

Fancy Bear's targets have included Eastern European governments and militaries, the country of Georgia and the Caucasus, Ukraine, security-related organizations such as NATO, as well as US defense contractors Academi (formerly known as Blackwater and Xe Services), Science Applications International Corporation (SAIC), Boeing, Lockheed Martin, and Raytheon.