
DonViejo

(60,536 posts)
Sat Jul 21, 2018, 08:09 AM

Mueller Finally Solves Mysteries About Russia's 'Fancy Bear' Hackers


They may be part of the Kremlin’s best-known hacker crew. But many of their most important players were unknowns—until the Special Counsel stepped in.

KEVIN POULSEN
07.20.18 9:59 PM ET

When Robert Mueller’s grand jury handed down an indictment against 12 Russian intelligence officers last week, one name in the 29-page document was instantly familiar to security experts who’ve been on the trail of one of the Internet’s most notorious hacker groups.

Known variously as Fancy Bear, Sofacy, Pawn Storm, Strontium, Tsar Team, Sednit, and APT28, the Russian hackers that did the intrusions for the Kremlin’s election interference campaign have been active for 12 years, breaching NATO, Obama’s White House, a French television station, the World Anti-Doping Agency and countless NGOs, and militaries and civilian agencies in Europe, Central Asia and the Caucasus.

For nearly as long, security researchers have been hot on Fancy Bear’s tracks. Without Mueller’s access to spy agency intel, the researchers know the hackers by their fruits—the methods they use, the maze of covert servers undergirding their campaigns, and, most of all, their code. Where some other state-sponsored attackers prefer off-the-shelf malware, Fancy Bear is known for mostly staying in-house, developing and continuously improving dozens of purpose-built tools. Whenever one of those programs gets captured in the wild, researchers pick it apart for new insights into Fancy Bear’s methods.

The code has yielded more than a few tantalizing artifacts over the years, perhaps none more so than a string found in its most famous malware, called X-Agent.

X-Agent was used in the 2016 DNC hack, but its history stretches back years before. It comes out at the tail end of what the security world calls the “cyber kill-chain.” After the hackers have reconnoitered a target, squirmed their way onto a computer and made the decision that the machine is worth keeping, the final step is to install persistent malware that will let them monitor and control the computer indefinitely.

more
https://www.thedailybeast.com/mueller-finally-solves-mysteries-about-russias-fancy-bear-hackers?ref=home

Vinnie From Indy

(10,820 posts)
1. It should be noted that a Dutch Intelligence Service was monitoring
Sat Jul 21, 2018, 08:40 AM

Cozy Bear for over a year using their own surveillance system. Dutch hackers actually witnessed the breach of the DNC servers LIVE.

Mueller's team has this info as well.
