Fancy Bear

Прикольный медведь
Formation: c. 2007
Type: Advanced persistent threat
Purpose: Cyberespionage, cyberwarfare
Region: Russia
Methods: Zero-days, spearphishing, malware
Official language: Russian
Parent organization: probably GRU
Affiliations: Cozy Bear
Formerly called: APT28, Pawn Storm, Sofacy Group, Sednit, STRONTIUM, Tsar Team, Threat Group-4127

Fancy Bear (also known as APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM) is a cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. Security firms SecureWorks, ThreatConnect, and FireEye's Mandiant have also said the group is sponsored by the Russian government.

Likely operating since the mid-2000s, Fancy Bear's methods are consistent with the capabilities of nation-state actors. The threat group is known to target government, military, and security organizations, especially Transcaucasian and NATO-aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the French television station TV5Monde, the White House, NATO, the Democratic National Committee, and the Organization for Security and Co-operation in Europe.

Fancy Bear's behaviour has been classified as an advanced persistent threat. They employ zero-day vulnerabilities and use spear phishing and malware to compromise targets.

Trend Micro designated the actors behind the Sofacy malware as Operation Pawn Storm on October 22, 2014. The name was due to the group's use of "two or more connected tools/tactics to attack a specific target similar to the chess strategy," known as pawn storm.

Wikipedia