In recent years there have been a number of different Hacktivism groups that have been floating around the news and the depth of the internet.
And while everyone has their own opinion of the actions carried about by these groups, some of them appear to have more depth to them than others.
The Fancy Bear group are some what of an enigma in regard to Hacktivism. Although their manifesto appears to offer a very clear and somewhat understandable objective.
“Greetings citizens of the world. Allow us to introduce ourselves… We are Fancy Bears’ international hack team. We stand for fair play and clean sport. ”
From the initial outset the Fancy Bear group appears to be only after one thing, and that is making sport clean and fair. And in recent years a huge amount of doping in sports has been in the tabloids. Making their objectives relatable and arguably, in the public interest.
But why would a group that appears to want to make sport clean and fair, have alleged ties to the Russian Government. And why have they been accused of a number of hacks that do not appear to related to sports in the slightest.
The list below is attacks carried out by the Fancy Bear group that appear to have much greater political motivation than a group who just want to clean up sports.
- German Attack (2014)
- The Fancy Bear group are alleged to have carried out a 6 month cyber-attack on the German parlement that began in December 2015.
- There is also further speculation that the Fancy Bears are also responsible for a spear phishing campaign that targeted members of the German Parlement.
- There was a perceived threat to the coming 2017 German election as the information acquired during the attacks might have led to manipulation of the general publics options before the vote.
- French Television Hack (April 2015)
- In april 2015 there was a large-scale cyber-attack aimed at a French TV network TV5Monde. While initially the attack appeared to have been carried out by a group connected to the Islamic State.
But these claims where soon dismissed by the French cyber-agency. They believed the attack had been carried out by the APT 28 group, other wise know as the Fancy Bears.
- R00t9B Report (May 2015)
- In May 2015 a Cyber Security Firm Root9B published a report on the Fancy Bears. The report stated that they had discovered targeted spear phishing attacks targeting financial institutions.
United Bank for Africa, Bank of America, TD Bank and the UAE Bank were all targeted. Although security journalist Brian Krebs argued that the attacks may have come from Nigerian phishers.
- EEF spoof, White House and NATO attack (August 2015)
- The Fancy Bears are also known to have used a number of zero-day exploits in 2015. Their attacks initially targeted the Electronic Frontier Foundation and then the White House and NATO. Again a spear phishing campaign was also used to direct emails to a fake URL.
- Democratic National Committee (2016)
- The Fancy Bears also carried out yet another spear phishing attack, this time on the Democratic National Committee in early 2016. The attack was carried out by phishing emails from 2008. Once the older accounts had been compromised the group was able to retrieve an up to date contact list with current members email addresses.
- It was CrowdStrike that reported the Fancy Bears involvement in the attack. Although a sole actor then came forward to take credit for the entire attack.
- Ukrainian Artillery (2014-2016)
- A report from CrowdStrike also presumes that between 2014 and 2016 the Fancy Bears launched a cyber-attack on the Ukrainian military. The attack was carried out using Malware on Android devices.
- The Malware was a compromised versions of an app used to control the targeting for the D-30 Howitzer artillery. They used the X-Agent spyware.
- Windows zero-day (October 2016)
- In 2016 Google’s Threat Analysis Group released a zero-day vulnerability in Microsoft Windows. This was later acknowledged by Microsoft Executive Vice President of the Windows Device Group Terry Myerson. The published a blog post acknowledged that the vulnerability had effected Adobe Flash and down-level Windows Kernal. It was Microsoft that suggested the Fancy Bears had been responsible for the attack. This was referenced by the use of Microsoft’s in-house name for the Fancy Bears ‘STRONTIUM’.
- Dutch Ministries (February 2017)
- More recently in February of 2017 the Dutch Security Services stated that the Fancy Bears had attempted several attacks, with the goal of gaining access to te Dutch ministries.
- German and French Elections (2016-2017)
- A group of researchers from the group Trend Micro published a report in 2017, it contained information regarding attempts made by the Fancy Bear group to phish people associated with both the German and French elections. They carried out the attack by creating fake email servers and then sending phishing emails with links to malware.
Source: Wikipedia, BBC News
Although the 9 attacks listed above are not all of the attacks that have been carried out by the Fancy Bears. They are the attacks that have no association with the world of sports and doping.
And while the hacks relating to sports could be seen as something of a cover to dismiss some of the accusations that the Fancy Bears Report to the Kremlin. This has been floating round for a while, and when you think about a couple of the names the group have previously gone by, Threat Group-4127 sounds not only military but very aggressive.
Could it be that as with a number of elections that appear to have been tampered with that the Russian Government are also attempting to control sports. Or could it be to get back at being banned from global events such as the Olympic games.
Could that have been the trigger for the Fancy Bears to go after the rest of the world in an attempt to fight the system so to speak. I personally belive this to be the case, and although the Russians may not want to be directly associated with the Fancy Bears it is hard to ignore their choice of targets.