Soon after security firm Crowdstrike was called by the Democratic National Committee about a suspected breach and started to investigate, they “immediately identified two sophisticated adversaries on the network — COZY BEAR and FANCY BEAR,” writes the firm in a blogpost on its site.
The two hacker groups are closely linked to the Russian Federation’s intelligence services, according to Crowdstrike, which considers them “some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups” they encounter, praising them for their “superb” tradecraft and extensive use of “living-off-the-land” techniques that allow them to bypass security solutions.
Cozy Bear: Last year, the group (also known as CozyDuke or APT 29) hacked the White House, State Department and US Joint Chiefs of Staff, as well as companies and government agencies in Western Europe, China, Brazil and many other countries. Preferred method: Broadly targeted spearphishing.
Fancy Bear: This group targets defense ministries and military officials in the U.S., Western Europe, Brazil, China, Iran and many other countries, and was behind last year’s intrusions into the German Bundestag and France’s TV5 Monde television network. Preferred method: Registering domains that resemble legitimate domains and establishing phishing sites that spoof them.