If this is your first time hearing of Fancy Bear, just know that it definitely won’t be your last. Fancy Bear is one of the most infamous hacker groups of all time. Some of their endeavors include the breach of the Democratic National Committee that disrupted the 2016 election, numerous attacks on Ukrainian citizens, and now their latest mission: going after corporate offices through some fairly interesting channels.
Fancy Bear also goes by Strontium and APT28, and is said to be associated with the GRU, a Russian military intelligence agency. To complete their mission, they have hacked into phones, voice mail boxes, and even office printers.
Microsoft Threat Intelligence Center
In April of 2019, Microsoft’s Threat Intelligence Center caught wind of what Fancy Bear was doing. Most people secure phones and computers as much as possible, but often forget to secure machines like printers, copiers, and cameras. Fancy Bear saw an opportunity with these devices, and they jumped on it.
Fancy Bear had easy access to machines like copiers because it is common for the default passwords to be left in place after a customer buys the device. The hackers also gained entrance through machines that had not been updated with a security update. Once they had access, they scanned the network to see what else they could find. Their targets included “critical government or civic infrastructure including political, defense, medical, and engineering networks” (digitaltrends.com). They also attacked the Olympic organizing committees, anti-doping agencies, and the hospitality industry.
Microsoft described Fancy Bear’s activities this way: “Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data” (tonernews.com).
The FBI has taken measures to combat Fancy Bear by creating a program that detects malware on printers, copiers, and cameras. Threat actors like Fancy Bear are more than just a threat to privacy and will use any unsecured device to gain entrance into an organization’s network.