Fancybear

Threat Actor Profile Updated 16 days ago
Fancybear, also known as APT28, Forest Blizzard, or Strontium, is a threat actor linked to Russia that has been involved in various cyber espionage operations. These operations have targeted European countries and have been condemned by both NATO and the European Union. The group has demonstrated advanced capabilities, such as the use of a previously unknown tool called GooseEgg to exploit the Windows Print Spooler flaw CVE-2022-38028. Microsoft reported this activity, which led the Cybersecurity & Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog. The group's activities date back to at least September-October 2021, when it conducted a global phishing operation.

Mandiant, Google Cloud's threat intelligence division, refers to this group as Frozenlake but acknowledges its common identification as Fancybear. Furthermore, a hacker using the name Fancybear (possibly unrelated to the Russian hacking group) made a for-sale post on a popular clear web hacking forum on March 10, suggesting the group's involvement in data selling. Mandiant has reported with high confidence that the group, under another alias, CyberArmyofRussia_Reborn, coordinates with Russia's GRU military intelligence service, possibly distributing information stolen by APT28.

This assessment indicates the potential state-sponsored nature of Fancybear's activities and their integration within broader Russian cyber-espionage efforts. Such findings underscore the significant threat posed by Fancybear and the need for continued vigilance and robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
APT28 | 3 | APT28, also known as "Forest Blizzard," "Fancybear," or "Strontium," is a threat actor linked to the Russian GRU. This group has been involved in various cyber espionage activities targeting multiple countries and organizations. In October 2023, the French National Agency for the Security of Informa
STRONTIUM | 2 | Strontium, also known as APT28, Fancy Bear, Forest Blizzard, and other aliases, is a threat actor linked to Russia that has been active since at least 2007. This group has targeted governments, militaries, and security organizations worldwide, carrying out cyber espionage operations with malicious i
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Fancybear Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 3 months ago | 14 million Australian emails and addresses for sale on clear web hacking forum | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | a year ago | Russian phishing attacks flooded Ukraine, tripled against NATO nations in 2022: Report
CERT-EU | 6 months ago | Russian hackers exploiting Outlook bug to hijack Exchange accounts
BankInfoSecurity | a year ago | WinRAR Weaponized for Attacks on Ukrainian Public Sector
BankInfoSecurity | 7 months ago | Ukrainian Telcos Targeted by Suspected Sandworm Hackers
Securityaffairs | 18 days ago | Russia-linked APT28 targets government Polish institutions
Securityaffairs | a month ago | Russia-linked APT28 used tool GooseEgg for to exploit Win bug
Securityaffairs | 23 days ago | NATO and the EU formally condemned APT28 cyber espionage
Securityaffairs | 16 days ago | Pro-Russia hackers targeted Kosovo government websites
Securityaffairs | a month ago | CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog
Securityaffairs | 5 months ago | Russia's APT28 used new malware in a recent phishing campaign
CERT-EU | 6 months ago | Les vulnérabilités critiques à suivre (11 décembre 2023) [Critical vulnerabilities to watch (11 December 2023)]