Fancy Bear is likely behind recent cyberattacks on the Democratic Party, according to authorities.
Russian hackers have targeted the email accounts of Democratic state parties in California and Indiana, as well as think tanks in Washington and New York, according to investigators. The same hacker group, nicknamed “Fancy Bear,” was accused of accessing information on the 2016 U.S. presidential election earlier in 2020. The original attempts to receive information were internally flagged by Microsoft Corp. in the summer.
The most recent targets included the Center for American Progress, the Council on Foreign Relations and the Washington-based Carnegie Endowment for International Peace. All said the attempts have been unsuccessful, according to those investigating the matter. The Indiana Democratic Party issued a statement saying it was “unaware of any successful intrusions.” California Democratic Party Chair Rusty Hicks confirmed, “The effort by the foreign entity was unsuccessful.”
“Based on the infrastructure overlap, the series of behaviors associated with the event, and the general timing and targeting of the U.S. government, this seems to be something very similar to, if not a part of, the campaign linked to APT28 earlier this year,” said Dragos researcher Joe Slowik, the former head of Los Alamos National Labs’ Computer Emergency Response Team. “It’s certainly not surprising that Russian intelligence would be trying to penetrate the U.S. government. That’s kind of what they do. But it is worth identifying that not only is such activity continuing, it’s been successful” in the past.
Fancy Bear is run by Russia’s military intelligence agency. It hacked the accounts of Hillary Clinton’s staff during the time period leading up to the 2016 election, according to a Department of Justice (DOJ) indictment filed in 2018. The Office of the Director of National Intelligence said the Russian group was attempting to undermine the campaign of Democratic presidential candidate Joe Biden.
Microsoft recently announced that the hacker group Fancy Bear had attempted to hack more than 200 organizations in total and that the company was able to link the earlier 2020 cyber espionage to the Russian hackers through a programming error it discovered over the course of its investigation.
The Russian Embassy in Washington said it does not interfere in America’s internal affairs and denied any link to “Fancy Bear,” calling the allegations “fake news.” However, Don Smith of Secureworks stated, “The targeting of Democrats in Indiana and California – confirmed by four people familiar with the matter – suggests that the Russians are casting their net wide.”
The Open Society Foundations founder, George Soros, added, “Obviously tensions were extraordinarily high heading into this election, and we are taking many steps to ensure the safety of our staff.”
In late October, the Cybersecurity and Infrastructure Security Agency (CISA) issued a release stating that it “responded to a recent threat actor’s cyberattack on a federal agency’s enterprise network. By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware – including multi-stage malware that evaded the affected agency’s anti-malware protection – and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.” The release details suggestions for how those targeted can combat the threat.