
Meet the 'Fancy and Cozy Bear' hackers who have rocked the US polls 2016

Speed News Desk | Updated on: 11 February 2017, 5:46 IST

From the Democratic National Committee (DNC) to the White House, from Venus Williams to Colin Powell, the US has been rocked by a series of cyber attacks by hackers believed to have ties with the Russian government.

The cyber attacks and data dumps have sowed embarrassment and raised questions about the safety of America's national secrets and even the presidential election.

The hackers who spent at least a year lurking inside the DNC's computers don't appear to be just random cyber criminals. They're suspected in a number of high-profile attacks against the US and other Western countries, going back almost a decade.

Cyber security firms have given names to these hackers; the most notorious groups are believed to be Fancy Bear and Cozy Bear.

Now, it is believed that they are directly tied to Russian spy agencies.

Here's a look at what we know about the hackers:

Fancy Bear and Cozy Bear are the names cyber security firms have given to these two separate - and possibly competing - computer espionage groups allegedly based in Russia.

Fancy Bear is also known as APT 28, Strontium and the Sofacy Group. It has been tied to most of the Russia hacks garnering headlines of late, including those against the World Anti-Doping Agency (WADA) and the Democratic Party.

It is also known for stealing targets' usernames and passwords by setting up dummy websites that appear real enough to convince users to input their email and password information.

What do we know about Cozy Bear?

Cozy Bear is blamed for hacking the White House, Joint Chiefs of Staff and State Department. It's believed to be tied to the FSB, Russia's internal security service.

This group targets potential victims with phishing attacks - email messages that appear to be from a legitimate, trusted friend or associate.

Hackings associated with these groups:

'Operation Bellingcat'

These groups allegedly carried out cyber attacks on journalists investigating the MH17 crash after multiple investigations found that Malaysia Airlines flight 17 was shot down in 2014 by a Russian-made missile, fired from a village in eastern Ukraine that was held by pro-Russian rebels.

The Russian government has, however, maintained that Ukrainian troops downed the passenger jet, which was en route from Amsterdam to Kuala Lumpur.

No journalist dived deeper into the MH17 mystery than an "open source" citizen-journalist outfit called Bellingcat. And these groups tried very hard to hack Bellingcat, presumably to gain access to the operation's sources.

France TV5 cyber attack

On 8 April, 2015, French television network TV5Monde was the victim of a cyber-attack, allegedly carried out by Fancy Bear.

Hackers breached the network's internal systems, possibly aided by passwords openly broadcast by TV5, overriding the broadcast programming of the company's 12 channels for over three hours.

The hackers also hijacked TV5Monde's Facebook and Twitter pages to post personal information of relatives of French soldiers participating in action against ISIS.

Bundestag attack

These groups are believed to have organised six-month-long cyber attacks on the German parliament that began in December 2014.

It is also suspected to be behind a spearphishing attack in August 2016 on members of the Bundestag and multiple political parties such as Linken-faction leader Sahra Wagenknecht, Junge Union and the CDU of Saarland.

First published: 17 October 2016, 2:54 IST