fancybear
Russian hackers target governments in Europe and South America
Russia's Fancy Bear hacking team (aka APT28) isn't just focused on meddling with elections and retaliating against anti-doping agencies. Symantec has observed Fancy Bear conducting intelligence-gathering hacks in Europe and South America, with targets including governments, military targets, an embassy and a "well-known international organization." The group has been using a common set of tools to conduct the campaign, although it also recently expanded its repertoire to include hacks that are considerably harder to stop.
Russian hackers have been targeting journalists since 2014
The hacker group called Fancy Bear (which has been linked to Russian intelligence agency GRU) has been accused of leaking the Democratic National Convention emails, distributing malware that hijacked Ukrainian artillery guns, running a phishing campaign that used a combination of two zero-day exploits found in Adobe Flash and Windows, and attacking not only the German parliament but also the recent German and French elections. So no one should be surprised by the latest report that Fancy Bear has been targeting journalists.
FBI failed to warn officials about Russian email hackers
It's no longer a secret that Russian hackers have targeted the personal email accounts of American officials, but the FBI was apparently less than vigilant in giving these targets a heads-up. The AP has discovered through interviews that, out of nearly 80 people Russia's Fancy Bear team tried to compromise (mainly in 2015), only two had been told by the FBI -- even though the bureau reportedly had evidence for a year or more. In a few cases, the AP chat was the first time the victims learned they were in the crosshairs.
AP investigation details how Russia hacked the DNC’s emails
Today, an extensive Associated Press investigation revealed just how Russian actors hacked into the Hillary Clinton campaign. A single successful phishing email out of thirty attempts sent in March 2016 gave the hacking group access to plenty of the Democratic candidate's secrets, which had severe consequences for her campaign and the party as a whole. As the AP reveals, this wasn't just a few messages that happened to deceive a lone gullible employee: The hacking campaign attempted to compromise Clinton's inner circle and over 130 party employees and supporting staff.
Microsoft is waging a quiet war against elite Russian hackers
Microsoft has proven itself to be an unlikely vigilante in the ongoing international cyberespionage story. The company started out suing the hacking group Fancy Bear for using domain names that violated Microsoft's trademarks, and in doing so unearthed an extensive network of command-and-control servers. Via domains such as 'livemicrosoft.net' or 'rsshotmail.com', hackers are able to communicate with malware installed on targeted computers. But once the domains are back under Microsoft's control they're redirected back from Russian servers, giving the company a bird's-eye view of Fancy Bear's server network. Since August, Microsoft has taken over 70 different command-and-control points from Fancy Bear using this lawsuit.
Germany confronts Russia over election hacking
Speaking with reporters at a conference in Potsdam, Hans-Georg Maassen, president of the BfV agency (Germany's domestic intelligence group) renewed claims that Russian hackers were behind the attack on his country's parliament. He also warned the other nation against attempting to weaponize the "large amounts of data" stolen in that breach in the upcoming national elections come September.
Russian hackers are extorting American left-wing groups (updated)
Russian hackers aren't done trying to influence American politics just because the presidential election is over, if you believe Bloomberg's sources. The news outlet understands that the FBI is investigating "at least a dozen" incidents where Russian hackers tried to blackmail US liberal groups. Typically, the intruders threaten to leak embarrassing emails and documents (complete with proof) unless the group pays the equivalent of tens of thousands of dollars in bitcoins. Some of the groups under fire include Arabella Advisors, which helps investors in liberal causes, as well as the think tank Center for American Progress.
Russia-backed malware can now target Macs
The state-backed Russian group accused of hacking the Democratic National Committee appears to be expanding its repertoire. Bitdefender Labs researchers have obtained a sample of a Mac-native variant of Xagent, the backdoor malware linked to Russia's APT28 (aka Fancy Bear or Strontium). The code not only allows swiping passwords and capturing screenshots, but includes a module that can swipe iOS device backups created by iTunes. While it's easy to encrypt those backups, this theoretically gives intruders a chance at snooping on iPhone data without having to compromise the iPhone itself.
Russian hackers reportedly attack Ukrainian weapons, power grid
As the conflict in Eastern Ukraine escalates, two separate reports point to Russian hackers disrupting the power grid and weapons in the war-torn country. Outside of Kiev, between 100,000 and 200,000 people were plunged into darkness when portions of the Ukrenergo power company were knocked offline on December 18. The electricity was quickly restored, but the situation has raised concerns of infrastructure hacking.
German Intel chief: Russia is trying to 'destabilize' the country
America's recent elections weren't the only event that Russia has been accused of meddling in. On Thursday, President Dr Hans-Georg Maaßen of the Bundesamt für Verfassungsschutz (BfV), Germany's internal intelligence service, issued a brutally frank press release laying out the BfV's accusations against Russia.