APT28 (Advanced Persistent Threat 28) is a hacking group that originates from Russia. Its activity dates back as far as the mid-2000s. Malware researchers believe that APT28's campaigns are funded by the Kremlin, as the group usually targets foreign political actors. APT28 is best known as Fancy Bear, but it is also recognized under various other aliases – Sofacy Group, STRONTIUM, Sednit, Pawn Storm and Tsar Team.
The Infamous Hacking Campaigns Carried Out by Fancy Bear
Experts believe that Fancy Bear had a hand in the 2016 Democratic National Committee hack, which some believe influenced the outcome of the presidential election held the same year. During the same year, the Fancy Bear group also targeted the World Anti-Doping Agency because of the scandal involving Russian athletes. The data that Fancy Bear obtained was then published and made publicly available. It revealed that some of the athletes who tested positive for doping were later exempted; the World Anti-Doping Agency's report stated that the illicit substances were meant for 'therapeutic use.' In the period from 2014 to 2017, the Fancy Bear group was involved in various campaigns targeting media personalities in the United States, Russia, Ukraine, the Baltic States and Moldova. Fancy Bear went after individuals working in media corporations, as well as independent journalists. All of the targets were involved in reporting on the Russia-Ukraine conflict in Eastern Ukraine. In 2016 and 2017, Germany and France held major elections, and it is likely that the Fancy Bear group had a hand in these as well. Officials from both countries reported a campaign that used spear-phishing emails as its infection vector, but stated that the attacks had no consequences.
Fancy Bear’s Tools
To evade the prying eyes of cybersecurity researchers, the Fancy Bear hacking group makes sure to alter its C&C (Command and Control) infrastructure regularly. The group has an impressive arsenal of hacking tools, which it has developed in-house – X-Agent, Xtunnel, Sofacy, JHUHUGIT, DownRange and CHOPSTICK. Often, instead of direct propagation, Fancy Bear prefers to host its malware on third-party websites that it builds to imitate legitimate pages in order to trick its victims.
Fancy Bear is one of the most notorious hacking groups, and there are no indications that it will halt its campaigns any time soon. The Russian government is known to use the services of hacking groups, and Fancy Bear is one of the highest-tier hacking groups out there.