Russia’s Fancy Bear hackers likely penetrated a federal agency
New clues indicate that APT28 may be behind mysterious intrusion disclosed last week. …
reader comments
42 with 30 posters participating
A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified—and appear likely to be part of a notorious team of cyberspies working in the service of Russia’s military intelligence agency, the GRU.
Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. It identified neither the attackers nor the agency, but it did detail the hackers’ methods and their use of a new and unique form of malware in an operation that successfully stole target data. Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest a likely answer to the mystery of who was behind the intrusion: They appear to be Fancy Bear, a team of hackers working for Russia’s GRU. Also known as APT28, the group has been responsible for everything from hack-and-leak operations targeting the 2016 US presidential election to a broad campaign of attempted intrusions targeting political parties, consultancies, and campaigns this year.
The clues pointing to APT28 are based in part on a notification the FBI sent to targets of a hacking campaign in May of this year, which WIRED obtained. The notification warned that APT28 was broadly targeting US networks, including government agencies and educational institutions, and listed several IP addresses they were using
Continue reading – Article source