Fancy Bear APT

Update: Emboldened, Fancy Bear hacking crew targets French, German Politicians

In-brief: emboldened by media attention for its escapades in the U.S. Presidential election, the hacking crew known as “Fancy Bear” is targeting political parties in France as well as Germany, the firm Trend Micro reported on Tuesday – the latest evidence of meddling in foreign affairs. (Editor’s note: updated to add comment by Michael Sulmeyer, Director of the Cyber Security Project at Harvard University’s Belfer Center. PFR Apr 25 2017.)

The group of state-sponsored hackers, which is also known by the names “Pawn Storm,” “Strontium,” and “APT28,” was observed registering web domains in March and April connected to political campaigns in France and Germany, including the presidential campaign of Emmanuel Macron in France and the Konrad Adenauer Stiftung, a political organization in Germany.

The group was identified as one of the main perpetrators of attacks on the presidential campaign of Hillary Clinton in the United States, as well as Democratic party organizations like the Democratic Congressional Campaign Committee (DCCC). The group appears to be emboldened by the media attention it received for those hacks, Trend Micro said.

“Following the extensive headlines made in 2016 related to their impact on the U.S. election, we expect these attacks to continue,” Trend Micro Chief Cybersecurity Officer Ed Cabrera wrote in a blog post.

The group, which Trend refers to as “Pawn Storm,” has been linked to a string of high-profile hacks, many targeting political parties, governments and the press. Among them: a December 2014 attack targeting corporate accounts of 55 employees of a large US newspaper using the compromised email account of a US military correspondent; attacks in 2015 targeting NATO members and French television stations; and an attack targeting a Dutch Safety Board partner in the investigation of Malaysian Airlines Flight MH17, which was brought down over Ukraine by a Russian anti-aircraft missile. In the U.S., the group set up convincing “phishing” web pages that appeared to victims like password reset pages hosted by Google.

The Pawn Storm/Fancy Bear group has also targeted domestic political opponents of Russian President Vladimir Putin as well as human rights activists in that country.

The attacks are typically well-planned and sophisticated, exploiting previously undiscovered flaws in common platforms. For example, an October 2015 campaign linked to Pawn Storm used an exploit for a “zero day” (or previously undiscovered) flaw in Adobe’s Flash technology to target several ministries of foreign affairs with spear phishing emails, Trend said.

“Political organizations like all other organizations should always operate under the assumption that they have been breached,” Trend said.

The reports of hacks follow months of claims by Macron that his campaign was a target of Russian hackers. His opponent in the runoff election next week is Marine Le Pen, a candidate with close ties to Russia’s President Vladimir Putin.

Hacking is just one theater in which nations jockey for power and influence, Dmitri Alperovitch, the co-founder and Chief Technology Officer of the firm CrowdStrike, told The Security Ledger in this podcast interview. The importance of Russian hacking in the 2016 election was not that the hacks occurred, but the impact of those hacks on the race itself and the way information that was stolen from political campaigns and parties was “weaponized” and used to undermine trust in one candidate and party, and in the broader democratic process, he said.

Alperovitch said that the response of governments in the U.S., France and Germany to those acts may span both the physical domain and the cyber domain. “They’re starting to treat cyber as another problem out there. They’re asking ‘who are the actors and how can we deter them in various ways.’”

While nation-backed hacking crews do have access to sophisticated tools, they often rely on tried and true methods to gain access to sensitive computers and networks. That includes so-called “phishing” emails that lure users into surrendering their password or installing a piece of malicious software on their computer, said Michael Sulmeyer, the Director of the Cyber Security Project at Harvard University’s Belfer Center.

Political candidates and campaigns need to follow best practices to guard against such attacks, he said. “If you’re running for office in a major country, it’s practically malpractice to not be attuned to the threat from cyber space.”

Harder to address is the role that online disinformation campaigns can play in elections, as they reportedly did during the U.S. election, when information from leaked emails was combined with fabricated stories to hammer away at the credibility of the Democratic candidate, Hillary Rodham Clinton. “You don’t need a cyber attack to do that,” Sulmeyer noted.

Countries that are targeted by such campaigns, including the U.S. and EU nations, need to be vocal in combatting false stories circulating online, while also finding unity around efforts by outsiders to influence domestic affairs. Sulmeyer calls that the “politicization of cyber security.” “No matter what party you’re in, you should have the position that a foreign government even attempting to manipulate an election is a flagrant foul,” he said.