Meet The Fancy Bears

Uploaded on 2016-10-27 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

For the first time in history, Washington has accused a foreign government of trying to influence the US election.

On the morning of March 10, nine days after Hillary Clinton had won big on Super Tuesday and all but clinched the Democratic nomination, a series of emails were sent to the most senior members of her campaign.

At a glance, they looked like a standard message from Google, asking that users click a link to review recent suspicious activity on their Gmail accounts. Clicking on them would lead to a page that looked nearly identical to Gmail’s password reset page with a prompt to sign in. Unless they were looking closely at the URL in their address bar, there was very little to set off alarm bells.

From the moment those emails were opened, senior members in Clinton’s campaign were falling into a trap set by one of the most aggressive and notorious groups of hackers working on behalf of the Russian state. The same group would shortly target the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC). It was an orchestrated attack that, in the midst of one of the most surreal US presidential races in recent memory, sought to influence and sow chaos on Election Day.

The hack first came to light on June 15, when the Washington Post published a story based on a report by the CrowdStrike cybersecurity firm alleging that a group of Russian hackers had breached the email servers of the DNC. Countries have spied on one another’s online communications in the midst of an election season for as long as spies could be taught to use computers, but what happened next, the mass leaking of emails that sought to embarrass and ultimately derail a nominee for president, had no precedent in the United States. 

Thousands of emails, some embarrassing, others punishing, were available for public perusal while the Republican nominee for president, Donald Trump, congratulated Russia on the hack and invited it to keep going to “find the 30,000 emails that are missing” from Clinton’s private email server. It was an attack that would edge the US and Russia closer to the brink of a cyberwar that has been simmering for the better part of a decade.

The group behind the hacks is known as Fancy Bear, or APT 28, or Tsar Team, or a dozen other names that have been given to them over the years by cybersecurity researchers. Despite being one of the most reported-on groups of hackers active on the internet today, there is very little researchers can say with absolute certainty. 

No one knows, for instance, how many hackers are working regularly within Fancy Bear, or how they organize their hacking squads. They don’t know if they are based in one city or scattered in various locations across Russia. They don’t even know what they call themselves.

The group is, according to a White House statement, receiving their orders from the highest echelons of the Russian government and their actions “are intended to interfere with the US election process.” For the cybersecurity companies and academic researchers who have followed Fancy Bear’s activities online for years, the hacking and subsequent leaking of Clinton’s emails, as well as those of the DNC and DCCC, were the most recent, and most ambitious, in a long series of cyber-espionage and disinformation campaigns. 

From its earliest-known activities, in the country of Georgia in 2009, to the hacking of the DNC and Clinton in 2016, Fancy Bear has quickly gained a reputation for its high-profile, political targets.

“Fancy Bear is Russia, or at least a branch of the Russian government, taking the gloves off,” said one official in the Department of Defense. “It’s unlike anything else we’ve seen, and so we are struggling with writing a new playbook to respond.” The official would speak only on condition of anonymity, as his office had been barred from discussing with the press the US response to Fancy Bear’s attacks. “If Fancy Bear were a kid in the playground, it would be the kid stealing all the juice out of your lunch box and then drinking it in front of you, daring you to let him get away with it.”

For a long time, they did get away with it. Fancy Bear’s earliest targets in Georgia, Ukraine, Poland, and Syria meant that few in the US were paying attention. But those attacks were where Fancy Bear honed their tactics, going after political targets and then using the embarrassing or strategic information to their advantage. 

It was in those earliest attacks, researchers say, that Fancy Bear learned to couple their talent for hacking with a disinformation campaign that would one day see them try to disrupt US elections.

Buzzfeed:                US Intelligence Has The Evidence That Proves Russian Presidential Election Interference:

 

« Christmas Is Cancelled: EU Running A Big Cyberwar Simulation
How To Win The Cyberwar Against Russia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Information Risk Management (IRM)

Information Risk Management (IRM)

IRM is an international consultancy dedicated to helping organisations solve key business issues. We provide strategic cyber security advice across a wide range of sectors.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

PeopleSec

PeopleSec

PeopleSec specializes in the human element of cybersecurity with a comprehensive set of services designed to maximize your security by educating your workforce as a whole.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

Nexor

Nexor

Nexor are a UK-based cyber security company with 30 years' experience in secure information exchange.

Switchfast Technologies

Switchfast Technologies

Switchfast Technologies is an IT consulting and managed services provider, offering IT support and consulting to Chicagoland small businesses.

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric cybersecurity practitioners charged with defending hybrid cloud environments.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

GM Sectec

GM Sectec

GM Sectec is the world's largest independent Cyber Defense and Fraud Prevention firm laser focused on payment security.

Clarity

Clarity

Clarity is an AI cybersecurity startup that protects against deepfakes and new social engineering and phishing attack vectors accelerated by the rapid adoption of Generative AI.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.

Ionize

Ionize

Ionize offers solutions to help you uplift your capability across the full-spectrum of cyber security - assessment, remediation, monitoring, governance and ongoing education.

Merkle Science

Merkle Science

Merkle Science provides next generation risk mitigation, compliance and forensics for crypto-native businesses, DeFi participants, financial institutions & government agencies.