Fancy Bear
Fancy Bear, also known as APT28 (by Mandiant), Pawn Storm, Sofacy Group (by Kaspersky), Sednit, Tsar Team (by FireEye) and STRONTIUM or Forest Blizzard (by Microsoft), is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office, as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This designation refers to its unified Military Unit Number among the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023; the rooftop of one of the buildings collapsed as a result of the explosion.
Formation | c. 2004–2007 |
---|---|
Type | Advanced persistent threat |
Purpose | Cyberespionage, cyberwarfare |
Region | Russia |
Methods | Zero-days, spearphishing, malware |
Official language | Russian |
Parent organization | GRU |
Affiliations | Cozy Bear |
Fancy Bear is classified by FireEye as an advanced persistent threat. Among other things, it uses zero-day exploits, spear phishing and malware to compromise targets. The group promotes the political interests of the Russian government, and is known for hacking Democratic National Committee emails in an attempt to influence the outcome of the 2016 United States presidential elections.
The name "Fancy Bear" comes from a coding system that security researcher Dmitri Alperovitch uses to identify hackers.
Likely operating since the mid-2000s, Fancy Bear uses methods that are consistent with the capabilities of state actors. The group targets government, military, and security organizations, especially those of Transcaucasian and NATO-aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the Norwegian parliament, the French television station TV5Monde, the White House, NATO, the Democratic National Committee, the Organization for Security and Co-operation in Europe and the campaign of French presidential candidate Emmanuel Macron.