Fancy Bear Strikes Again

fancy bear russian flag

In an eerie echo to the breaches related to the 2016 US presidential election, the election campaign of presidential candidate Emmanuel Macron in France was also targeted. Early reports indicate that it was the same group of hackers responsible for both. Sometimes called Fancy Bear or the Sofacy Group, security researchers know the group as APT 28, short for Advanced Persistent Threat 28. APTs generally have the ability to infiltrate their target network, even with advanced protections in place, and can remain undetected for days, months, even years, as they exfiltrate data back to their command and control server. While many were shocked at the hacking related to the US election, the hack of Macron’s campaign just proves the new normal – state-sponsored APTs are here to stay.

Security researchers have been tracing the activities of APT 28 for years, and have found that frequent targets include NATO, former Soviet countries such as Georgia and Estonia, and now elections in Europe and the United States. Multiple security firms have tied APT 28 to the GRU, which is the military intelligence arm of the Russian government. While APT 28 is not the only group tied to the Russian government, it’s fast becoming the most recognizable.

In addition to the election breaches, APT 28 has been named as the group responsible for hacking the World Anti-Doping Agency in the summer of 2016, in response to international pressure to ban Russian athletes from competition due to allegedly using performance enhancing drugs. Given the pace of known breaches, both government and private industry are on the watch for the next possible infiltration point in the cat and mouse game of the new cold war of cyberspace.