Fancy Bear (English; roughly “fashionable bear” [1]) (also Fancy Bears, APT28, Sofacy, Pawn Storm, Sednit and Strontium [2]) is a hacker group, active since 2004 [3]. It is known for cyberattacks on government, media, military and other institutions of foreign countries, as well as on the Russian opposition and journalists [4]. American cybersecurity experts associate the group with the Russian intelligence services [5]. In 2018 the United States formally indicted a number of Russian military intelligence officers; the indictment stated that personnel of military unit 26165 (the 85th Main Special Service Center) and military unit 74455 [6] [7] were behind Fancy Bear.
Assessments by security companies
The nickname was coined by Dmitry Alperovitch of the American security company CrowdStrike. The alternative name Pawn Storm, used by Trend Micro, refers to the group's use of “two or more related tools/tactics to attack a specific target, similar to a chess strategy” [8], a sequence known in chess as a pawn storm. Alperovitch also named another hacker group, Cozy Bear, which he likewise associated with the Russian special services [9].
FireEye, a network security firm, released a report on Fancy Bear in October 2014. It designates the group Advanced Persistent Threat 28 (APT28); its members used zero-day vulnerabilities in Microsoft Windows and Adobe Flash during intrusions [10]. Citing operational data, the report concludes that the group has a “state sponsor in Moscow”. In support of this conclusion, the investigators point to Russian-language settings in the malware's build artifacts, and to the fact that the malware was compiled during working hours in the Moscow time zone [11]. Two caveats apply to the time-zone argument: 1) Russia spans 11 time zones, so activity at any hour of the day could be presented as originating from Russian territory; 2) besides Moscow, the UTC+3 time zone also covers the following countries and territories: the Republic of Abkhazia, Belarus, South Ossetia, Turkey, Iraq, the Turkish Republic of Northern Cyprus (TRNC), Kuwait, Transnistria (PMR), Saudi Arabia, Bahrain, Qatar, Sudan, Eritrea, Yemen, Djibouti, Ethiopia, South Sudan, Somalia, Somaliland, Uganda, Kenya, Tanzania and Madagascar. FireEye threat director Laura Galante described the group's activity as “state espionage” [12], whose attacks also target “media or influencers” [13] [14].
According to ESET, the hackers attacked the embassies of dozens of states, the defense ministries of Argentina, Bangladesh, Turkey, South Korea and Ukraine, NATO officials, Ukrainian politicians, and journalists from Eastern Europe. In Russia, members of the Anonymous International group (Shaltai-Boltai, “Humpty Dumpty”), members of the People's Freedom Party and other opposition figures, as well as foreign scholars who had visited Russian universities, were targeted [3]. In its attacks, Sednit used phishing, emails carrying malware, malicious websites and previously unknown vulnerabilities in software, relying on a large set of custom-built tools. Like FireEye, ESET's experts noted that the hackers' activity fell between 9:00 and 17:00 UTC+3 (Moscow time).
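The working-hours argument made by FireEye and ESET above is a statistical claim about build or activity timestamps, and the caveat that UTC+3 is not unique to Moscow can be checked mechanically. The following Python script is an added example, not code from the page or from either vendor: it takes a set of PE compile timestamps (the 32-bit epoch in IMAGE_FILE_HEADER.TimeDateStamp), buckets them by local hour for a candidate UTC offset, and lists every whole-hour offset under which the builds look like a Monday-to-Friday, 9-to-5 workday. The timestamps are constructed for the demonstration; the 9-to-5 window, the 0.8 threshold and the restriction to whole-hour offsets are assumptions of the example.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample (not real Fancy Bear builds): 40 compile timestamps,
# one per hour from 06:30 to 13:30 UTC on five consecutive weekdays.
_BASE = datetime(2016, 6, 13, tzinfo=timezone.utc)  # a Monday
SAMPLE_TIMESTAMPS = [
    int((_BASE + timedelta(days=d, hours=h, minutes=30)).timestamp())
    for d in range(5)
    for h in range(6, 14)
]


def local_datetimes(timestamps, utc_offset_hours):
    """Convert epoch timestamps to aware datetimes in a fixed UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return [datetime.fromtimestamp(ts, tz) for ts in timestamps]


def hour_histogram(timestamps, utc_offset_hours):
    """Builds per local hour-of-day for a candidate UTC offset."""
    return Counter(dt.hour for dt in local_datetimes(timestamps, utc_offset_hours))


def working_hours_fraction(timestamps, utc_offset_hours, start=9, end=17):
    """Share of builds on Mon-Fri between start (inclusive) and end (exclusive)
    local time. start/end are assumed office hours, not a property of the data."""
    dts = local_datetimes(timestamps, utc_offset_hours)
    hits = [dt for dt in dts if dt.weekday() < 5 and start <= dt.hour < end]
    return len(hits) / len(dts)


def candidate_offsets(timestamps, threshold=0.8):
    """Every whole-hour UTC offset for which the builds look like a workday.
    Half-hour zones (e.g. UTC+5:30) are ignored here for brevity."""
    return [
        off
        for off in range(-12, 15)
        if working_hours_fraction(timestamps, off) >= threshold
    ]


if __name__ == "__main__":
    for hour, count in sorted(hour_histogram(SAMPLE_TIMESTAMPS, 3).items()):
        print(f"UTC+3 {hour:02d}:00  {'#' * count}")
    print("offsets consistent with a 9-to-5 workday:",
          candidate_offsets(SAMPLE_TIMESTAMPS))
```

On the constructed data, UTC+3 gives a perfect fit, but UTC+2 and UTC+4 each score 0.875 and also clear the threshold, so a one-hour-wide observation window cannot by itself separate Moscow from neighbouring zones. In practice, the timestamps must also be checked for forgery: TimeDateStamp is writable by the build tooling, and a cluster of timestamps that is too clean is itself a signal.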
Notable cyberattacks
Germany
The German Federal Office for the Protection of the Constitution (BfV) accuses Russia of cyberattacks on German government agencies [4]. On May 13, 2016, its head, Hans-Georg Maaßen, stated that Sofacy was behind the 2015 attacks on the Bundestag's information system and the attacks on the Christian Democratic Union of Germany, the party led by Chancellor Angela Merkel [15]. The purpose of the attacks was to collect confidential information. According to Maaßen, the group had been attempting to penetrate German information systems for more than ten years, and German counterintelligence had been monitoring it throughout that time [4]. Besides government agencies, the targets included power plants and other important industrial and infrastructure facilities [4].
France
On April 8, 2015, the French television channel TV5 Monde fell victim to a cyberattack; the channel's broadcasts were interrupted for three hours [16]. According to the initial account, the attack was carried out by the CyberCaliphate hacker group, associated with the Islamic State terrorist organization. Subsequently, however, French investigators came to suspect that Sofacy could be behind the attack [17]. French Prime Minister Manuel Valls called the attack “an unacceptable assault on freedom of information” [18].
US and NATO
In August 2015, Sofacy launched a spear-phishing attack on White House and NATO information systems. The phishing emails pointed to a spoofed domain, electronicfrontierfoundation.org, impersonating the Electronic Frontier Foundation (whose real domain is eff.org) [19] [20].
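The EFF spoof above works because the lure domain carries the organization's name while belonging to someone else. As an added example, not code from the page or from any of the vendors it cites, the following Python script classifies hostnames found in an email against a small table of protected brands: it flags a brand's canonical domain used as a subdomain (eff.org.attacker.example), a one-character typosquat (efff.org), and a registrable domain that merely contains the brand's name (electronicfrontierfoundation.org). The brand table, the sample email and the helper names are constructed for the demonstration; registrable_domain() takes the last two labels as a stand-in for a real Public Suffix List lookup.

```python
import re

# Constructed brand table for the example, not a real blocklist.
BRANDS = {
    "EFF": {
        "canonical": {"eff.org"},
        "keywords": {"eff", "electronicfrontier", "electronicfrontierfoundation"},
    },
    "NATO": {"canonical": {"nato.int"}, "keywords": {"nato"}},
}

# Constructed phishing lure for the example.
SAMPLE_EMAIL = """Dear supporter,
Please review the updated privacy policy at https://electronicfrontierfoundation.org/policy
and confirm your membership at https://www.eff.org/join ."""


def registrable_domain(host):
    """Naive eTLD+1: the last two labels. Real code should use the Public
    Suffix List (e.g. the tldextract package) so 'gov.uk'-style suffixes work."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _edit_distance(a, b):
    """Levenshtein distance, iterative DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _tokens(label):
    return set(re.split(r"[^a-z0-9]+", label)) - {""}


def classify_host(host, brands=BRANDS):
    """Return (verdict, brand). Verdicts: 'legitimate', 'brand_as_subdomain',
    'typosquat', 'keyword_lookalike', or ('unrelated', None)."""
    labels = host.lower().strip(".").split(".")
    reg = registrable_domain(host)
    sld = reg.split(".")[0]
    for brand, info in brands.items():
        if reg in info["canonical"]:
            return "legitimate", brand
        for canon in info["canonical"]:
            cl = canon.split(".")
            # canonical name appearing as a label sequence left of the real domain
            if any(labels[i:i + len(cl)] == cl for i in range(len(labels) - len(cl) + 1)):
                return "brand_as_subdomain", brand
            if sld != cl[0] and _edit_distance(sld, cl[0]) <= 1:
                return "typosquat", brand
        # short keywords must match a whole hyphen-separated token ("eff-foundation"),
        # long ones may appear anywhere in the label ("electronicfrontierfoundation")
        if any(kw in _tokens(sld) or (len(kw) >= 6 and kw in sld) for kw in info["keywords"]):
            return "keyword_lookalike", brand
    return "unrelated", None


def scan_text(text, brands=BRANDS):
    """Classify the host of every http(s) URL in a message body."""
    hosts = [h.split("@")[-1] for h in re.findall(r"https?://([^\s/:?#]+)", text)]
    return [(h,) + classify_host(h, brands) for h in hosts]


if __name__ == "__main__":
    for host, verdict, brand in scan_text(SAMPLE_EMAIL):
        print(f"{host:40s} {verdict:20s} {brand}")
```

The keyword rule is the one that catches the 2015 lure; the other two rules cost nothing extra and cover the more common lookalike patterns. A production filter would add homoglyph (IDN) normalisation and the Public Suffix List, neither of which this example attempts.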
In the summer of 2016, after the internal network of the U.S. Democratic Party was hacked, CrowdStrike, which handled the incident response, announced that the intrusion had been carried out by the Fancy Bear and Cozy Bear groups [21].
International Organizations
- WADA
Fancy Bear is accused of hacking the website of the World Anti-Doping Agency (WADA) in August 2016. The attack followed the publication of a WADA report accusing Russia of running a state-sponsored doping program for its athletes [22].
In 2016, Fancy Bear gained access to data in WADA's ADAMS system and published part of the material on its own website. The agency confirmed the authenticity of the material.
On September 13, 2016, the first list of athletes with positive doping tests was posted on the hacker group's site [23] [24] [25] [26]. Five lists were published in total [27], together with correspondence of a US Anti-Doping Agency employee indicating that in 2015 more than 200 US athletes had received therapeutic use exemptions for otherwise prohibited substances [28].
In January 2018, correspondence was published between employees of the International Olympic Committee and WADA [29] .
- Cyberattack on the US Democratic National Committee
Fancy Bear is also held responsible for the June 2016 attack on the network of the U.S. Democratic National Committee.
Windows
In early November 2016, Microsoft disclosed attacks exploiting an as yet unpatched vulnerability in Windows. Microsoft attributed the attacks to the group it tracks as Strontium (Fancy Bear) [2].
See also
- Cozy Bear
Notes
- Who are the Fancy Bears?
- “Why Windows hack is being blamed on Russia-linked group”. BBC (November 3, 2016).
- Experts talked about the attacks of Fancy Bear on Humpty Dumpty. Meduza (October 20, 2016).
- “Russia 'was behind German parliament hack'”. BBC News (May 13, 2016).
- Meet Cozy Bear and Fancy Bear, the Russian groups behind the cracking of the Democratic National Committee's network.
- Indicting 12 Russian Hackers Could Be Mueller's Biggest Move Yet. Wired.com. Retrieved October 4, 2018.
- Kozachek, aka Kazak, aka blablabla1234565: 12 GRU officers were accused of interfering in the American election. Who they are and what they did (according to the USA). Meduza (July 13, 2018). Retrieved November 17, 2018.
- Operation Pawn Storm: Using Decoys to Evade Detection. Trend Micro (2014).
- Russian hackers accused of hacking Democratic Party headquarters networks.
- Russian cyber attackers used two unknown flaws: security company. Reuters (April 18, 2015).
- APT28 - State Sponsored Russian Hacker Group. The Hacker News (October 30, 2014).
- Meet APT28, Russian-backed malware for gathering intelligence from governments, militaries: Report. Tech Times (October 30, 2014).
- APT28: A Window into Russian Cyber Espionage Operations? FireEye (October 27, 2014).
- France: Russian hackers posed as ISIS to hack a French TV broadcaster. Business Insider (June 11, 2015).
- Russian Hackers Suspected In Cyberattack On German Parliament. London South East, Alliance News (June 19, 2015).
- Isil hackers seize control of France's TV5 Monde network in 'unprecedented' attack. Daily Telegraph (April 9, 2015). Retrieved April 10, 2015.
- France probes Russian lead in TV5 Monde hacking: sources. Reuters (June 10, 2015). Retrieved July 9, 2015.
- French media groups to hold emergency meeting after Isis cyber-attack. The Guardian (April 9, 2015). Retrieved April 10, 2015.
- Spear phishers with suspected ties to Russian government spoof fake EFF domain, attack White House. Boing Boing (August 28, 2015).
- New Spear Phishing Campaign Pretends to be EFF. EFF (August 27, 2015).
- Elizabeth Focht. Responsibility for hacking Democratic Party networks claimed by a lone hacker. RBC (June 16, 2016). Retrieved July 25, 2016.
- Hyacinth Mascarenhas. Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say. International Business Times (August 23, 2016). Retrieved August 25, 2016.
- Russian boxer Misha Aloyan tested positive for doping in Rio - hackers.
- Hackers uploaded new documents on doping athletes, including boxer Aloyan.
- WADA allowed the Williams sisters and gymnast Biles to take doping.
- Biles said she has nothing to be ashamed of in using ADHD medication.
- Fancy Bears posted a fifth batch of WADA documents.
- Hackers learned of 200 American athletes with permission to take doping.
- McLaren turned out to be a weapon against Russia.
External links
- Official Fancy Bear website
- A. Soshnikov. Bears with keyboards: are Russian hackers the most powerful in the world? BBC (September 15, 2016).
- Who are the Fancy Bears? NTV.