Fancy Bear

"STRONTIUM" redirects here. For other uses, see Strontium (disambiguation).
Fancy Bear
Formationc. 2004–2007[a]
TypeAdvanced persistent threat
PurposeCyberespionage, cyberwarfare
Region
Russia
MethodsZero-days, spearphishing, malware
Official language
Russian
Parent organization
GRU[3][4][5]
AffiliationsCozy Bear
Formerly called
  • APT28
  • Pawn Storm
  • Sofacy Group
  • Sednit
  • STRONTIUM
  • Tsar Team
  • Threat Group-4127
  • Grizzly Steppe (when combined with Cozy Bear)

Fancy Bear[b] is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU.[7][8] The UK's Foreign and Commonwealth Office[9] as well as security firms SecureWorks,[10] ThreatConnect,[11] and Mandiant,[12] have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165.[5][4] This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data,[13] were targeted by Ukrainian drones on July 24, 2023, the rooftop on an adjacent building collapsed as a result of the explosion.[14][15]

Fancy Bear is classified by FireEye as an advanced persistent threat.[12] Among other things, it uses zero-day exploits, spear phishing and malware to compromise targets. The group promotes the political interests of the Russian government, and is known for hacking Democratic National Committee emails to attempt to influence the outcome of the United States 2016 presidential elections.

The name "Fancy Bear" comes from a coding system security researcher Dmitri Alperovitch uses to identify hackers.[16]

Likely operating since the mid-2000s, Fancy Bear's methods are consistent with the capabilities of state actors. The group targets government, military, and security organizations, especially Transcaucasian and NATO-aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the Norwegian parliament, the French television station TV5Monde, the White House, NATO, the Democratic National Committee, the Organization for Security and Co-operation in Europe and the campaign of French presidential candidate Emmanuel Macron.[17]

  1. ^ Cite error: The named reference Guardian2 was invoked but never defined (see the help page).
  2. ^ Feike Hacquebord (2017). Two Years of Pawn Storm — Examining an Increasingly Relevant Threat (PDF) (Report). Trend Micro. Archived (PDF) from the original on 2017-07-05. Retrieved 2017-04-27.
  3. ^ Cite error: The named reference Esq was invoked but never defined (see the help page).
  4. ^ a b c Poulson, Kevin (21 July 2018). "Mueller Finally Solves Mysteries About Russia's 'Fancy Bear' Hackers". The Daily Beast. Archived from the original on 23 July 2018. Retrieved 21 July 2018.
  5. ^ a b "Indicting 12 Russian Hackers Could Be Mueller's Biggest Move Yet". Wired. Archived from the original on 13 July 2018. Retrieved 4 October 2018.
  6. ^ DimitrisGritzalis,Marianthi Theocharidou,George Stergiopoulos (2019-01-10). Critical Infrastructure Security and Resilience: Theories, Methods, Tools ... Springer, 2019. ISBN 9783030000240.
  7. ^ "INTERNATIONAL SECURITY AND ESTONIA" (PDF). Valisluureamet.ee. 2018. Archived from the original (PDF) on 26 October 2020. Retrieved 4 October 2018.
  8. ^ "Meet Fancy Bear and Cozy Bear, Russian groups blamed for DNC hack". The Christian Science Monitor. 15 June 2016. Archived from the original on 8 April 2022. Retrieved 4 October 2018.
  9. ^ Wintour, Patrick (3 October 2018). "UK accuses Kremlin of ordering series of 'reckless' cyber-attacks". the Guardian. Archived from the original on 9 July 2022. Retrieved 4 October 2018.
  10. ^ Threat Group-4127 Targets Hillary Clinton Presidential Campaign. Secureworks.com (Report). 16 June 2016. Archived from the original on 20 July 2016. Retrieved 22 December 2016. and is gathering intelligence on behalf of the Russian government.
  11. ^ "Russian Cyber Operations on Steroids". Threatconnect.com. 19 August 2016. Archived from the original on 23 December 2016. Retrieved 22 December 2016. Russian FANCY BEAR tactics
  12. ^ a b "APT28: A Window into Russia's Cyber Espionage Operations?". Fireeye.com. 27 October 2016. Archived from the original on 11 September 2016. Retrieved 1 September 2015. We assess that APT28 is most likely sponsored by the Russian government
  13. ^ "Investigation into Russian military units engaged in psychological operations (PSYOP) and hacking attacks — Molfar". molfar.com. Retrieved 2023-07-24.
  14. ^ "Russia accuses Ukraine of drone attacks in Moscow – DW – 07/24/2023". dw.com. Retrieved 2023-07-24.
  15. ^ Robin, Sébastien (2023-07-25). "Ukrainian Drones Attacked Russian Spies in Moscow—and 'There Will Be More of It'". ca.news.yahoo.com. Retrieved 2024-05-04.
  16. ^ "The Man Leading America's Fight Against Russian Hackers Is Putin's Worst Nightmare". Esquire.com. 2016-10-24. Archived from the original on 2018-01-26. Retrieved 2017-05-07.
  17. ^ Hern, Alex (8 May 2017). "Macron hackers linked to Russian-affiliated group behind US attack". the Guardian. Archived from the original on 13 April 2018. Retrieved 16 March 2018.


Cite error: There are <ref group=lower-alpha> tags or {{efn}} templates on this page, but the references will not show without a {{reflist|group=lower-alpha}} template or {{notelist}} template (see the help page).