Introduction to Fancy-Bear : most accomplished hacking group in recent time

in hacking •  7 years ago 

 Прикольный медведь

What is the purpose of the thread? 

The purpose of this thread is to introduce an extremely sophisticated, currently active, hacking group named Fancy Bear. 

I loved learning about these extremely advanced hacking groups out there in the wild and this thread is going to be a starting point for a lot of future threads were we dig details about this group.

Is anyone interested on this? I hope they are but if they are not this would be my log of details I collect about these groups and techniques and malwares they use. This thread will merely introduce them, I will create subsequent threads detailing their action. Keeping this hear hoping someone will be interested. 


Introduction 

One of the most sophisticated hacking group operating in the wild, just to convey information about their skills they have been documented as using 6 zero-days attack vector in 2015 itself. Believed to be active since far back as 2004.

Sounds cool but what exactly have they accomplished? 

Some hacking incidents that have been linked to FancyBear

1) Attack on German Parliament (2014)
2) French Television hack (2015)
3) Attack on United Bank of Africa, Bank of America, TD Bank, and UAE Bank (2015)
4) Attack on White-House and Nato (2015)
5) Hilary Clinton Email Leak (2016)
6) World Anti-Doping Agency (2016)
7) Attack on German Parliament (2016)
8) Attack on Ukraine Army’s Rocket Force and Artillery (2016) and successfully hacked 20% of their howitzer – talk about sophisticated attack O_O
9) Ministry of General Affairs, Netherlands (2017)
10) Attack on German Federal Election (2017)
11) Attack on International Association of Athletics Federation (2017)

These are just their commonly known attack, the actual number of attack estimated to be much higher. In short , they are the freaking mafia of cyber-attack, alongside another Russian hacking group called Cozy Bear (apparently “Bear” is what they use to refer a Russian hacking group) 


Other name the group is known by 

As with a lot of known hacking group , they are known by more than one names:

1) Fancy Bear
2) Advanced Persistent Threat # 28 (APT28)
3) Pawn Storm Group
4) Sofacy Group
5) Sednit

The group seem to create fake on-line persona to take credit for their attacks these include:

1) Guccifer 2.0
2) CyberCaliphate


Techniques they use 

How do they enter the victim’s system?

1) Extremely sophisticated targeted spear-phishing attacks to harvest credential
2) Use those credentials to log into system’s computer and drop malwares


What malwares do they use:

1) Sourface (also called Sofacy)
2) Chopstick
3) Coreshell
4) Jhuhugit
5) Advstoreshell
6) Agent-X
7) Foozer
8) WinIDS
9) X-Tunnel
10) DownRange


Techniques imployed by malware to make it harder to detect and reverse:

1) Counter-analysis to obfuscate their data
2) Adding junk data to encoded strings making decoding it nearly impossible without a junk removal algorithm
3) Reset timestamps on files and periodically clears the event-logs.


Concluding Remarks 

Firstly, this is just the first thread and I am going to insert more details on their attack techniques and toolset they use. I am still doing my research so I have a lot more to find out. 

After hearing the details what's your view on this? Are you excited that such a sophisticated group exists which opens an opportunity to learn from ? Or are you terrified to know something this dangerous are still out there ACTIVE in the wild?

What do you think their next target would be? Did you even know military equipments could be hacked remotely?


original source: https://hackforums.net/showthread.php?tid=5657359

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!