Fancy Bear
Russian state-sponsored cyber espionage group
Follow Fancy Bear on Notably News to receive short updates to your email — rarely!
| July 24 2023 | Ukrainian drones targeted the headquarters of Fancy Bear and its military unit, causing the rooftop of an adjacent building to collapse during the explosion. |
| 2020 | Cyber-espionage incident reported in the Czech Republic, potentially involving the Ministry of Foreign Affairs and attributed to Fancy Bear. |
| December 2020 | Norwegian Police Security Service concluded that Fancy Bear (APT28) was likely responsible for the cyber attack, confirming that sensitive content was extracted from affected email accounts. |
| September 2020 | Norwegian Foreign Minister Ine Marie Eriksen Søreide officially accused Russia of the cyber attack on the Norwegian Parliament. |
| August 2020 | Fancy Bear conducted a significant cyber attack on the Norwegian Parliament (Storting) e-mail system. |
| May 5 2020 | German federal prosecutors issued an arrest warrant for Dimitri Badin in connection with the 2014-2015 cyber-attacks on the German parliament. |
| 2019 | Cyber-espionage attack targeting a strategic Czech institution, suspected to be conducted by Fancy Bear hacking group. |
| February 2019 | Microsoft detected spear-phishing attacks by Fancy Bear (APT28) targeting employees of German think tanks, including the German Marshall Fund, Aspen Institute Germany, and the German Council on Foreign Relations. The hackers sent phishing emails to 104 email addresses across Europe in an attempt to steal credentials and deploy malware. |
| 2018 | United States Special Counsel officially identified Fancy Bear as GRU Unit 26165, confirming its association with Russian military intelligence. |
| October 2018 | A U.S. federal grand jury indicted seven Russian GRU officers associated with Fancy Bear for computer intrusions targeting international organizations, corporate entities, and individuals worldwide. The indictment covered their activities from December 2014 to at least May 2018. |
| August 2018 | Fancy Bear cyber group was revealed to have been systematically targeting email correspondence of officials from the Ecumenical Patriarchate of Constantinople for years, coinciding with tensions over Ukrainian Orthodox Church autocephaly. |
| August 2018 | Cyber attacks by Fancy Bear expanded beyond the Ecumenical Patriarchate to target Orthodox Christians, Muslims, Jews, and Catholics in the United States, including Ukrainian Muslim organizations, the papal nuncio in Kyiv, and Yosyp Zisels, director of Ukraine's Association of Jewish Organizations and Communities. |
| August 2018 | Microsoft reported that Fancy Bear attempted to steal data from conservative political organizations including the International Republican Institute and Hudson Institute think tanks. Microsoft security staff successfully thwarted the attacks by taking control of six internet domains. |
| May 2018 | The last documented date of the computer intrusion campaign by the indicted GRU officers, which involved hacking, wire fraud, identity theft, and money laundering. |
| January 10 2018 | Fancy Bears Hack Team leaked stolen emails from the International Olympic Committee (IOC) and U.S. Olympic Committee, dated from late 2016 to early 2017. The attack was apparently in retaliation for the IOC's ban of Russian athletes from the 2018 Winter Olympics due to the country's systematic doping program. |
| 2017 | Trend Micro researchers released a report detailing Fancy Bear's cyber attacks on Emmanuel Macron's election campaign, including phishing attempts and malware installation attempts. |
| September 2017 | Fancy Bear concluded its extensive journalist targeting campaign, having attacked over 50 New York Times reporters, 50 foreign correspondents in Moscow, and numerous journalists in Ukraine and Russia, including independent and mainstream media professionals. |
| April 2017 | IAAF officials publicly disclosed the cyberattack by Fancy Bear, which was initially detected by cybersecurity firm Context Information Security in February. |
| February 2017 | Dutch Minister of the Interior Ronald Plasterk announced that due to cyber security concerns, votes for the upcoming March 2017 Dutch general election would be counted manually to prevent potential electronic interference. |
| February 2017 | The Dutch General Intelligence and Security Service (AIVD) revealed that Fancy Bear and Cozy Bear had attempted to hack into Dutch government ministries over the previous six months, targeting sensitive government documents. |
| February 21 2017 | Fancy Bear hacked the International Association of Athletics Federations (IAAF) servers, gaining unauthorized remote access to the system and accessing Therapeutic Use Exemption applications. |
| 2016 | Ukrainian Army contested CrowdStrike's report, stating that actual artillery weapon losses were significantly lower than reported and not related to the claimed malware cause. |
| 2016 | CrowdStrike initially reported that over 80% of Ukrainian D-30 Howitzers were destroyed due to the malware attack, claiming an unprecedented level of artillery losses. |
| 2016 | The International Institute for Strategic Studies (IISS) disavowed CrowdStrike's original report, revising the estimated malware-related artillery losses to 15-20%. |
| 2016 | Fancy Bear hacked Democratic National Committee emails in an attempt to influence the United States presidential election. |
| 2016 | Fancy Bear targeted election campaign groups in Germany and France, attempting to interfere with political processes through cyber attacks. |
| November 2016 | Fancy Bear set up fake email servers to send phishing emails with malware links to the Konrad Adenauer Foundation and Friedrich Ebert Foundation, targeting groups associated with Angela Merkel's Christian Democratic Union and the Social Democratic Party. |
| November 1 2016 | Microsoft acknowledged the Windows vulnerability, confirming a low-volume spear-phishing campaign using two zero-day vulnerabilities in Adobe Flash and Windows kernel, with Fancy Bear (STRONTIUM) identified as the threat actor. |
| October 31 2016 | Google's Threat Analysis Group revealed a zero-day vulnerability in most Microsoft Windows versions that was being actively exploited by Fancy Bear through malware attacks. |
| September 13 2016 | Fancy Bears' Hack Team launched a website with a manifesto, claiming responsibility for hacking WADA (World Anti-Doping Agency) and IAAF (International Association of Athletics Federations), and promising to reveal doping-related documents about athletes. |
| August 2016 | Fancy Bear launched the website fancybear.net to leak Olympic drug testing files with therapeutic use exemptions for several high-profile athletes, including Simone Biles, Venus and Serena Williams, and Elena Delle Donne. |
| August 2016 | Fancy Bear conducted a spear phishing attack targeting members of the Bundestag and multiple political parties, including Linken-faction leader Sahra Wagenknecht, Junge Union, and the CDU of Saarland. |
| August 2016 | Fancy Bear sent phishing emails to World Anti-Doping Agency (WADA) database users, attempting to obtain login credentials through fake official communications. |
| August 2016 | Fancy Bear hacked into WADA's Anti-doping Administration and Management System (ADAMS) using an International Olympic Committee (IOC)-created account, gaining unauthorized access to their database. |
| June 14 2016 | CrowdStrike released a report identifying Fancy Bear as the culprits of the DNC hack, followed by the online persona Guccifer 2.0 claiming sole credit for the breach. |
| May 2016 | Conclusion of a major cyber operation that targeted political opponents in the United States, Ukraine, Russia, Georgia, and Syria, with a focus on enemies of the Kremlin. |
| April 2016 | Phishing attacks intensified, with a notable pause on April 15, coinciding with a Russian military holiday honoring electronic warfare services. |
| March 19 2016 | Attacks redirected to Gmail accounts, resulting in the breach of John Podesta's Gmail account and theft of 50,000 emails. |
| March 11 2016 | Phishing attacks expanded to non-public email addresses of high-level Democratic Party officials, with attempts on Hillaryclinton.com addresses. |
| March 10 2016 | Fancy Bear initiated spear phishing attacks targeting old email addresses of 2008 Democratic campaign staffers, potentially obtaining contact lists. |
| 2015 | Shane Harris, a Daily Beast writer covering intelligence issues, was among the journalists targeted by Fancy Bear's cyber attacks. |
| August 2015 | Kaspersky Lab detected and blocked an ADVSTORESHELL implant targeting defense contractors. Within an hour and a half, Fancy Bear quickly compiled and delivered a new backdoor version of the implant, demonstrating their rapid adaptation capabilities. |
| August 2015 | Fancy Bear conducted a sophisticated cyber attack using a zero-day Java exploit, spoofing the Electronic Frontier Foundation (EFF). They launched spear phishing attacks targeting the White House and NATO, using a deceptive URL 'electronicfrontierfoundation.org' to mislead victims. |
| June 2015 | Security researcher Claudio Guarnieri published an investigation report on a SOFACY exploit against the German Bundestag, partially corroborating root9B's earlier report by identifying matching Command & Control server IP addresses and malware sample hashes. |
| May 2015 | Security firm root9B released a report revealing Fancy Bear's targeted spear phishing campaign against financial institutions, documenting the group's sophisticated cyber attack methods. |
| May 2015 | The cyber-attack completely paralyzed the Bundestag's IT infrastructure, forcing the entire parliament to be taken offline for days. Approximately 16 gigabytes of data were downloaded during the attack. |
| April 9 2015 | TV5Monde continued to experience broadcasting disruptions and system shutdowns following the cyber-attack. |
| April 8 2015 | Fancy Bear executed a destructive cyber-attack on TV5Monde, hijacking 12 TV channels, overriding broadcast programming, and taking control of social media accounts for over three hours. |
| March 2015 | Beginning of a targeted cyber campaign that included attacks on the United States Democratic National Committee and Republican National Committee, along with tens of thousands of perceived political opponents across multiple countries. |
| March 25 2015 | Continued data collection and reconnaissance by Fancy Bear in preparation for the cyber-attack on TV5Monde. |
|
We are only showing the most recent entries for this topic. |
|
This contents of the box above is based on material from the Wikipedia article Fancy Bear, which is released under the Creative Commons Attribution-ShareAlike 4.0 International License.