Connect with us

Hi, what are you looking for?



Russia-Linked Attacks on Political Organizations Continue

The cyber-espionage group known as Fancy Bear was highly active in the second half of 2017, hitting political organizations worldwide, Trend Micro said this week.

The cyber-espionage group known as Fancy Bear was highly active in the second half of 2017, hitting political organizations worldwide, Trend Micro said this week.

Also known as APT28, Pawn Storm, Sofacy, Group 74, Sednit, Tsar Team, and Strontium, the group is said to have ties with the Russian government. Since 2015, the group has been associated with attacks on political organizations in France, Germany, Montenegro, Turkey, Ukraine, and the United States.

During the second half of 2017, such attacks continued, without revealing much technical innovation over time. However, the attacks are well prepared, persistent, and often hard to defend against, the security researchers say.

“Pawn Storm has a large toolset full of social engineering tricks, malware and exploits, and therefore doesn’t need much innovation apart from occasionally using their own zero-days and quickly abusing software vulnerabilities shortly after a security patch is released,” Trend Micro points out.

During the second half of 2017, the group was observed targeting organizations with credential phishing and spear phishing attacks. In August and September, the hackers used tabnabbing against Yahoo! users, a method that involves changing a browser tab to point to a phishing site after distracting the target.

In attacks observed in October and November 2017, the group used credential phishing emails to target specific organizations. One incident employed an email claiming to inform the target of an expired password, while the other claimed a new file was present on the company’s OneDrive system.

During the past six months, Pawn Storm also targeted several International Olympic Wintersport Federations, including the European Ice Hockey Federation, the International Ski Federation, the International Biathlon Union, the International Bobsleigh and Skeleton Federation, and the International Luge Federation.

The attacks appear to be related to several Russian Olympic players being banned for life in fall 2017. A recent incident involving the leak of emails exchanged between officials of the International Olympic Committee (IOC) and other individuals involved with the Olympics also appears to be related to the state-sponsored actor.

Advertisement. Scroll to continue reading.

Some of the group’s political targets included webmail users, who received credential phishing emails on May 18, 2017, one day before the presidential elections in Iran. Similar incidents were observed targeting political organizations globally, Trend Micro says.

In June 2017, the actor set up phishing sites mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. In attacks observed during fall 2017, the group was abusing Google’s Blogspot service to target Bellingcat, a group of investigative journalists that uses open source information to report on various events taking place around the world.

Individuals interested in the CyCon U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in collaboration with the Army Cyber Institute at West Point were also targeted by Pawn Storm last year.

Moving forth, the group is expected to continue targeting political organizations, while also likely focusing on influencing public opinion via social media, given that social media algorithms are “susceptible to abuse by various actors with bad intentions.”

“Publishing stolen data together with spreading fake news and rumors on social media gives malicious actors powerful tools. While a successful influence campaign might seem relatively easy to do, it needs a lot of planning, persistence, and resources to be successful. Some of the basic tools and services, like ones used to spread fake news on social media, are already being offered as a service in the underground economy,” Trend Micro notes.

Other actors too might start campaigns attempting to influence politics and issues of interest domestically and abroad, the researchers say. Pawn Storm, however, is expected to continue to be highly active, especially with the Olympics and several significant global elections taking place in 2018.

Related: Tech Firms Target Domains Used by Russia-linked Threat Group

Related: Russia-Linked Spies Deliver Malware via DDE Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...