The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Fancy Bear

Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics

Russian Hackers Targeting Anti-Doping Agencies Ahead of 2020 Tokyo Olympics
October 29, 2019Swati Khandelwal
As Japan gears up for the upcoming 2020 Summer Olympics in Tokyo for the next year, the country needs to brace itself for sophisticated cyberattacks, especially from state-sponsored hackers. Microsoft has issued a short notice, warning about a new wave of highly targeted cyberattacks by a group of Russian state-sponsored hackers attempting to hack over a dozen anti-doping authorities and sporting organizations around the world. The attacks are originating from the 'Strontium' Russian hacking group, widely known as Fancy Bear or APT28, and are believed to be linked to the upcoming 2020 Summer Olympics in Tokyo. The Fancy Bear hacking group, also known as APT28, Sofacy, X-agent , Sednit , Sandworm , and Pawn Storm, is believed to be linked to Russian military intelligence agency GRU and has been in operation since at least 2007. Over these past three decades, the group has been credited to many high profile hacking incidents, like hacking the US presidential elections

Microsoft Says Russia Tried to Hack Three 2018 Midterm Election Candidates

Microsoft Says Russia Tried to Hack Three 2018 Midterm Election Candidates
July 19, 2018Swati Khandelwal
Microsoft said it detected and helped the US government to block Russian hacking attempts against at least three congressional candidates this year, a Microsoft executive revealed speaking at the Aspen Security Forum today. Although the company refused to name the targets but said, the three candidates were "people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint." According to the company, the Russian hackers targeted the candidates' staffers with phishing attacks, redirecting them to a fake Microsoft website, in an attempt to steal their credentials. "Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks," said Tom Burt, Microsoft's vice president for customer security. "And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all sta

Russian 'Fancy Bear' Hackers Using (Unpatched) Microsoft Office DDE Exploit

Russian 'Fancy Bear' Hackers Using (Unpatched) Microsoft Office DDE Exploit
November 09, 2017Swati Khandelwal
Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it. Last month, we reported how hackers could leverage a built-in feature of Microsoft Office feature, called Dynamic Data Exchange (DDE), to perform code execution on the targeted device without requiring Macros enabled or memory corruption. DDE protocol is one of the several methods that Microsoft uses to allow two running applications to share the same data. The protocol is being used by thousands of apps, including MS Excel, MS Word, Quattro Pro, and Visual Basic for one-time data transfers and for continuous exchanges for sending updates to one another. Soon after the details of DDE attack went public , several reports emerged about various widespread attack campaigns abusing this technique in the wild to target several organisations with malware. Now,

How Microsoft Cleverly Cracks Down On "Fancy Bear" Hacking Group

How Microsoft Cleverly Cracks Down On "Fancy Bear" Hacking Group
July 21, 2017Swati Khandelwal
What could be the best way to take over and disrupt cyber espionage campaigns? Hacking them back? Probably not. At least not when it's Microsoft, who is continuously trying to protect its users from hackers, cyber criminals and state-sponsored groups. It has now been revealed that Microsoft has taken a different approach to disrupt a large number of cyber espionage campaigns conducted by " Fancy Bear " hacking group by using the lawsuit as a tool — the tech company cleverly hijacked some of its servers with the help of law. Microsoft used its legal team last year to sue Fancy Bear in a federal court outside Washington DC, accusing the hacking group of computer intrusion, cybersquatting, and reserving several domain names that violate Microsoft's trademarks, according to a detailed report published  by the Daily Beast. Fancy Bear — also known as APT28, Sofacy, Sednit, and Pawn Storm — is a sophisticated hacking group that has been in operation since at least

Putin: Hackers Are Like Artists, Who Wake Up In A Good Mood & Start Painting

Putin: Hackers Are Like Artists, Who Wake Up In A Good Mood & Start Painting
June 01, 2017Mohit Kumar
Just control your laughter, while reading this article. I insist. Talking to international media at the St Petersburg Economic Forum on Thursday, Russian President Vladimir Putin made a number of statement surrounding alleged Russia's involvement in hacking. If you are not aware, Russia has been the focus of the U.S. investigations for its purported role in interfering with the 2016 US presidential election, which saw several major hacks, including Democratic National Committee and Hillary Clinton campaign emails. The US authorities and intelligence community concluded in January that Mr. Putin had personally directed cyber attacks against Democrats and the dissemination of false information in order to influence US election and help Mr. Trump win the election. Putin: Russia Has Never Been Involved in Hacking Today Mr. Putin denied all the allegations of Russian engagement in the U.S. election hacking, saying that the Russian state had never been involved in hacking. I

New MacOS Malware linked to Russian Hackers Can Steal Passwords & iPhone Backups

New MacOS Malware linked to Russian Hackers Can Steal Passwords & iPhone Backups
February 16, 2017Mohit Kumar
Security researchers have discovered a new Mac malware allegedly developed by APT28 Russian cyber espionage group who is believed to be responsible for 2016 presidential election hacking scandal. A new variant of the X-Agent spyware is now targeting Apple macOS system that has previously been used in cyber attacks against Windows, iOS, Android, and Linux devices. The malware is designed to steal web browser passwords, take screenshots of the display, detect system configurations, execute files and exfiltrate iPhone backups stored on the computer. The X-Agent malware is tied to Russian hacking group known as APT28 — also known as Fancy Bear, Sofacy, Sednit, and Pawn Storm — that has been operating since at least 2007 and is allegedly linked to the Russian government. "Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms

Microsoft Patches Windows Zero-Day Flaw Disclosed by Google

Microsoft Patches Windows Zero-Day Flaw Disclosed by Google
November 09, 2016Mohit Kumar
Microsoft was very upset with Google last week when its Threat Analysis Group publically disclosed a critical Windows kernel vulnerability (CVE-2016-7255) that had yet to be patched. The company criticized Google's move , claiming that the disclosure of the vulnerability, which was being exploited in the wild, put its customers "at potential risk." The vulnerability affects all Windows versions from Windows Vista through current versions of Windows 10, and Microsoft was set to issue a fix come this month's Patch Tuesday. So, as part of its monthly Patch Tuesday, Microsoft today patched the security flaw in Windows that was actively being exploited by hackers. According to Microsoft's security bulletin released today, any hacker who tricked victims into running a "specially-crafted application" could successfully exploit the system bug and gain the ability to "install programs; view, change, or delete data; or create new accounts with fu

Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google

Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google
November 02, 2016Swati Khandelwal
Google's Threat Analysis Group publically disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosed both zero days to Microsoft and Adobe. While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft had yet to release a fix. Microsoft criticized Google's move, saying that the public disclosure of the vulnerability — which is being exploited in the wild — before the company had time to prepare a fix, puts Windows users at "potential risk." The result? Windows Vista through current versions of Windows 10 is still vulnerable , and now everybody knows about the critical vulnerability. Now, Microsoft said that the company would be releasing a patch for the zero-day flaw on 8th November, as part of its regular round of monthly security updates. Russian Hackers are actively exploiting critical Windows kernel bug Microsoft acknowledged the vulnerability in a blog
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.