Mueller Finally Solves Mysteries About Russia's 'Fancy Bear' Hackers
They may be part of the Kremlin's best-known hacker crew. But many of their most important players were unknowns, until the Special Counsel stepped in.
KEVIN POULSEN
07.20.18 9:59 PM ET
When Robert Mueller's grand jury handed down an indictment against 12 Russian intelligence officers last week, one name in the 29-page document was instantly familiar to security experts who've been on the trail of one of the Internet's most notorious hacker groups.
Known variously as Fancy Bear, Sofacy, Pawn Storm, Strontium, Tsar Team, Sednit, and APT28, the Russian hackers that did the intrusions for the Kremlin's election interference campaign have been active for 12 years, breaching NATO, Obama's White House, a French television station, the World Anti-Doping Agency and countless NGOs, and militaries and civilian agencies in Europe, Central Asia and the Caucasus.
For nearly as long, security researchers have been hot on Fancy Bear's tracks. Without Mueller's access to spy agency intel, the researchers know the hackers by their fruits: the methods they use, the maze of covert servers undergirding their campaigns, and, most of all, their code. Where some other state-sponsored attackers prefer off-the-shelf malware, Fancy Bear is known for mostly staying in-house, developing and continuously improving dozens of purpose-built tools. Whenever one of those programs gets captured in the wild, researchers pick it apart for new insights into Fancy Bear's methods.
The code has yielded more than a few tantalizing artifacts over the years, perhaps none more so than a string found in its most famous malware, called X-Agent.
X-Agent was used in the 2016 DNC hack, but its history stretches back years before. It comes out at the tail end of what the security world calls the cyber kill-chain. After the hackers have reconnoitered a target, squirmed their way onto a computer and made the decision that the machine is worth keeping, the final step is to install persistent malware that will let them monitor and control the computer indefinitely.
https://www.thedailybeast.com/mueller-finally-solves-mysteries-about-russias-fancy-bear-hackers?ref=home