“Novices hack systems, professionals hack people.”
Upon hearing the term “hacker,” what image springs to mind? Perhaps a masked individual who has quietly accessed your personal information. But can you envisage a hacker group serving as an economic, political, or military weapon, or even as a primary weapon in warfare?
Let’s dissect this further. Fancy Bear isn’t a small hacking group attacking specific individuals for entertainment. Instead, their work closely aligns with that of APT (Advanced Persistent Threat) groups. APTs are organisations formed under government or institutional umbrellas for covert cyber operations. Over the years, Fancy Bear’s targets have included various military forces, governments, and security organisations, especially those associated with Transcaucasia and NATO-connected countries. The question remains: how do they still function despite the disclosure of their hacking activities?
Their most recent activity includes allegedly acquiring Kazakhstan government documents and using them as phishing lures to infect and spy on government officials in Central Asia, according to researchers at Sekoia.
The files, embedded with malware, contain draft diplomatic statements, correspondence letters, internal administrative notes, and other documents linked to the Kazakhstan government from 2021 to 2024. Many of them appear to correspond with authentic documents or statements issued by Kazakhstan’s Ministry of Foreign Affairs.
Their activities first came to light during the 2016 US election. This election saw allegations of DNC (Democratic National Committee) email breaches attributed to Fancy Bear, according to the US Department of Justice. Later, investigations in 2018 revealed that Guccifer 2.0, initially claimed to be an individual hacker, was actually several skilled hackers associated with Fancy Bear.
It wasn’t just the American election; the German Parliament faced cyberattacks for six consecutive months, reports Cyberscoop.
In May 2015, a message popped up on every desktop in the German parliament: the computer system was about to shut down. Moments later, screen after screen around the Bundestag turned dark, affecting thousands of lawmakers, officials and staffers.
While the outage was brief, it was enough to rattle nerves. It was later found that the hackers had roamed around the system for three weeks, and the parliament had to be shut down to rebuild the network and its security system from scratch. However, it was never clear what information they actually stole.
Events like breaches at the White House, the French President’s campaign, leaked news from various journalists, and malware attacks at Microsoft’s headquarters all point to Fancy Bear’s hacking prowess.
Russian connection
American media and NSU (Northeastern University) claim that Fancy Bear primarily operates with support from the Russian government and military. Although this claim lacks evidence, the buzz around it continues. Even a connection between Fancy Bear and the Russian GRU is not ruled out (Source: Wired). So, why this assumption?
Let’s go back a bit. In 2014, when Ukraine sought to break away from Russian influence, its Central Election Commission’s data was hacked. Errors in the election results spread through Russian media. In 2015, neighbouring Ukraine’s railway, airports, and hospitals fell victim to a malware called Sandworm, attributed to Fancy Bear (Source: University of Washington). In December of the same year, three electricity centres in Ukraine were hit by a malware called KillDisk, leading to Ukraine’s first blackout in history. It was revealed that Sandworm and KillDisk were creations of Fancy Bear. Fancy Bear became the first hacking group capable of causing blackouts.
Fast forward to 27 June 2017 and the second wave. Fancy Bear unleashed the NotPetya malware, resulting in the theft of information and files of all Ukrainian citizens. They constantly sent messages demanding ransom for the files. However, the malware didn’t discriminate and spread to global shipping companies like Maersk and FedEx, causing billions of dollars in losses (Source: Wired). This time, Fancy Bear’s power was evident not just politically but also economically. In 2018, during the Winter Olympics, allegations arose of tampering with drug- and email-related information of athletes by Fancy Bear. In 2019, Georgia’s TV stations were shut down by the same hacking group.
Mainstream media and influential individuals from various countries are targets of Fancy Bear. However, Fancy Bear is so secretive that, apart from its hacking patterns, no reliable information about it is available to anyone.
Powerful nations are left to wonder: can hacking groups operate independently of governments? In the realm of cyber warfare, Russia’s hefty arsenal isn’t a secret. Now the question arises: will Fancy Bear or other hacker groups confront each other in the Russia-Ukraine conflict?
Where Fancy Bear’s fantasy creation leads them remains to be seen.