According to reports from The Wire and a security research company, an unnamed US federal agency has been compromised by a hacking group called APT28. While the government did not name the attackers in its announcement, the reports hint that the attacker is a Russian group called Fancy Bear. The attackers managed to compromise the network and steal data.
Russian Hackers Behind a Cyberattack
The FBI issued warnings in May after a cyberattack on one of the federal departments. While the intelligence agency hasn’t named a specific hacker behind the breach, reports from The Wire and Dragos, a cybersecurity firm, point to APT28 as the culprit. APT28 is a Russian hacking group also called Fancy Bear.
The Fancy Bear group is also responsible for interfering in the 2016 presidential elections. According to Joe Slowik of Dragos, one of the IP addresses listed by CISA in its latest advisory was located in Hungary and had been used by Fancy Bear earlier. This match hints at the group behind the attack.
The researchers also point to behaviour patterns and infrastructure that overlap with APT28. The group is said to have used new, sophisticated tools in targeting the agencies. A copy of the malware uploaded to a research repository shows the attackers using both new and old hacking tools.
It’s reported that Fancy Bear operators, just like other ransomware operators, obtain the login credentials of an internal employee in some clever way. Most probably this is done through a phishing email crafted in a luring way to obtain credentials. They would then use the credentials to gain access to the network and plant malware.
This would ultimately lead to the theft of sensitive data, which could be used against the victim at critical times. While it’s expected that Russian groups would target sensitive companies, what’s more worrying is the amount of data they’ve obtained.