APT 28: Russian Cyber Attacks Britain and Germany as Well as U.S.

APT 28:

TechTimes: FireEye said in a white paper they released in 2014 that APT 28 had launched attacks against military and political organizations beginning in 2007. Other targets that the Kremlin have special interest in include the NATO alliance offices and government officials in Georgia. In these attacks, the group had reportedly gathered “malware samples with Russian language settings during working hours consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg.”

The APT 28 used the same tools and hit the same targets performed by the Pawn Storm hackers that were described by security firm Trend Micro in a separate report. According to the company, the Pawn Storm hacking group recently increased their activity and targeted bloggers who conducted interviews with President Barack Obama. There is also speculation that the group had stolen online credentials of a military correspondent of an unnamed major publication in the U.S. More here.

 

RUSSIA’S HACKERS HIT BRITAIN

Putin’s cyber warriors the Fancy Bears targeted government websites and the BBC in the run-in to last year’s election

Defensive measures deployed to thwart the attack by Fancy Bears after it was discovered by spy agency GCHQ

TheSun: A RUSSIAN cyber attack on British government departments and TV broadcasters in the run-up to last year’s general election was thwarted by intelligence agencies, it emerged today.

GCHQ boffins halted the “imminent threat” by Kremlin-backed hackers Fancy Bears – the group behind the leak of Olympic athletes’ doping files.

Dimbleby on the BBC election show

Russian hackers targeted government departments and broadcasters including the BBC in the run-up to the 2015 general election.
***
The revelation of the attack on the British election comes amid concerns Russian hackers are attempting to disrupt the US presidential race.Last week another Russian group, DC Leaks, hacked White House servers to obtain what appeared to be Michelle Obama’s passport.

Fancy Bears planned to attack every Whitehall server including the Home Office, Foreign Office and Ministry of Defence, security officials told the Sunday Times.

They were also targeting all the main UK broadcasters including the BBC, ITV, Channel 4 and Sky.

cyber-caliphate

Getty Image: An attack on France’s TV5Monde network claimed on behalf od ISIS by the ‘Cyber-Caliphate’ was traced to the Fancy Bears in Moscow
***

The GCHQ eavesdropping agency uncovered the threat after probing the group’s successful attack against TV5Monde, one of France’s biggest TV networks, in April last year.

It was feared ISIS had reached new levels in its ability to wage cyber war after all 11 of the French broadcasters channels were take off air and its website was flooded with jihadist propaganda.

Related reading: Russia ‘was behind German parliament hack’

But GCHQ traced the hack – claimed by a group calling themselves the “Cyber-Caliphate” – back to Moscow and then uncovered they were planning to hit Britain next.

Analysts feared that the Putin-sponsored group could “embarrass” pillars of the British state and took defensive measures to protect government departments.

Senior security officials are also understood to have warned the TV networks so they could defend themselves.

One security official said: “We had information, and it could have been activated, which is why it was an imminent threat.

“They certainly could have defaced a website for propaganda reasons and they could have possibly taken it down.”

It is the first known threat by the Kremlin-backed hackers to interfere in the British political process.

News of the attack comes after Fancy Bears published details of athletes including Mo Farah and Sir Bradley Wiggins hacked from the global anti-doping watchdog Wada.

Papers revealed they were given medical exemption certificates to use banned drugs.

Fancy Bears website

AP:Associated Press: The Fancy Bears leaked confidential medical filed on dozens of Olympic athletes after hacking the anti-doping body Wada
***

In July the hackers were blamed for the leak of 20,000 damaging emails from the US Democratic National Committee – just as it was about to confirm Hillary Clinton as presidential candidate.

The intervention was seen a Moscow’s attempt to boost Donald Trump’s chances in the election.

The group is thought to be behind a shutdown of the national grid in Ukraine and attacks on the governments of Syria, Uzbekistan, Pakistan and the United Arab Emirates.

Fancy Bears also targeted the BBC, The Guardian, Al Jazeera, Reuters, CNN, Farnborough arms fair, defence contractor Northrop Grumman, one cyber security report says.

Separately a list published by security experts at the PwC consultancy shows 245 apparent Fancy Bears attacks on targets including Nato, the Chilean military, Apple, Google, the German ministry of defence and the Polish and Hungarian governments.

There is no suggestion any of these has been successful although one firm on the list, Yahoo, last week admitted the personal information of 500million users had been stolen by what it called “state-sponsored” hackers in late 2014.

****

BroadbandTVNews: The BBC, ITV, Channel 4 and Sky were involved in what David Anderson QC, the independent reviewer of terrorism legislation, described the incident as a “possible imminent threat” to the UK. The Sunday Times reports that Anderson said the government’s monitoring agency GCHQ “deployed a capability to protect government networks from this cyber-attacker”.

The information was revealed in a previously unnoticed report released in July. Broadcasters were warned of the potential threat and advised to take action.

British security officials have told the paper the group plotting the attack was Fancy Bears, also known as APT28 and Sofacy, the same group that last April brought down the French international broadcaster TV5 Monde.

Within a few seconds of the April 8th attack, all of TV5’s channels stopped broadcasting, and it also lost control of its sites and social profiles. On screen messages declared allegiance to ISIS.

Posted in China aggression, Citizens Duty, Cyber War, DOJ, DC and inside the Beltway, Europe Brexit, Failed foreign policy, FBI, Military, NSA Spying, Presidential campaign, Russia, Terror, The Denise Simon Experience, Treasury, Whistleblower.

Denise Simon