Meet The Fancy Bears

For the first time in history, Washington has accused a foreign government of trying to influence the US election.

On the morning of March 10, nine days after Hillary Clinton had won big on Super Tuesday and all but clinched the Democratic nomination, a series of emails was sent to the most senior members of her campaign.

At a glance, they looked like a standard message from Google, asking that users click a link to review recent suspicious activity on their Gmail accounts. Clicking on them would lead to a page that looked nearly identical to Gmail’s password reset page with a prompt to sign in. Unless they were looking closely at the URL in their address bar, there was very little to set off alarm bells.

From the moment those emails were opened, senior members in Clinton’s campaign were falling into a trap set by one of the most aggressive and notorious groups of hackers working on behalf of the Russian state. The same group would shortly target the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC). It was an orchestrated attack that, in the midst of one of the most surreal US presidential races in recent memory, sought to influence and sow chaos on Election Day.

The hack first came to light on June 15, when the Washington Post published a story based on a report by the CrowdStrike cybersecurity firm alleging that a group of Russian hackers had breached the email servers of the DNC. Countries have spied on one another’s online communications in the midst of an election season for as long as spies could be taught to use computers, but what happened next, the mass leaking of emails that sought to embarrass and ultimately derail a nominee for president, had no precedent in the United States. 

Thousands of emails, some embarrassing, others punishing, were available for public perusal while the Republican nominee for president, Donald Trump, congratulated Russia on the hack and invited it to keep going to “find the 30,000 emails that are missing” from Clinton’s private email server. It was an attack that would edge the US and Russia closer to the brink of a cyberwar that has been simmering for the better part of a decade.

The group behind the hacks is known as Fancy Bear, or APT 28, or Tsar Team, or a dozen other names that have been given to them over the years by cybersecurity researchers. Although it is one of the most reported-on groups of hackers active on the internet today, there is very little researchers can say about it with absolute certainty.

No one knows, for instance, how many hackers are working regularly within Fancy Bear, or how they organize their hacking squads. They don’t know if they are based in one city or scattered in various locations across Russia. They don’t even know what they call themselves.

The group is, according to a White House statement, receiving their orders from the highest echelons of the Russian government and their actions “are intended to interfere with the US election process.” For the cybersecurity companies and academic researchers who have followed Fancy Bear’s activities online for years, the hacking and subsequent leaking of Clinton’s emails, as well as those of the DNC and DCCC, were the most recent, and most ambitious, in a long series of cyber-espionage and disinformation campaigns. 

From its earliest-known activities, in the country of Georgia in 2009, to the hacking of the DNC and Clinton in 2016, Fancy Bear has quickly gained a reputation for its high-profile, political targets.

“Fancy Bear is Russia, or at least a branch of the Russian government, taking the gloves off,” said one official in the Department of Defense. “It’s unlike anything else we’ve seen, and so we are struggling with writing a new playbook to respond.” The official would speak only on condition of anonymity, as his office had been barred from discussing with the press the US response to Fancy Bear’s attacks. “If Fancy Bear were a kid in the playground, it would be the kid stealing all the juice out of your lunch box and then drinking it in front of you, daring you to let him get away with it.”

For a long time, they did get away with it. Fancy Bear’s earliest targets in Georgia, Ukraine, Poland, and Syria meant that few in the US were paying attention. But those attacks were where Fancy Bear honed their tactics, going after political targets and then using the embarrassing or strategic information to their advantage. 

It was in those earliest attacks, researchers say, that Fancy Bear learned to couple their talent for hacking with a disinformation campaign that would one day see them try to disrupt US elections.

Buzzfeed: US Intelligence Has The Evidence That Proves Russian Presidential Election Interference

 
