‘Part of continuing war with Russia’: Denmark blames ‘Fancy Bears’ for hack on armed forces emails
Denmark’s security service, Politiets Efterretningstjeneste’s (PET) Centre for Cyber Security said in its report that a “foreign player” had accessed non-classified documents, and found the hacking group APT [Advanced Persistent Threat] 28, aka Fancy Bear, was behind the hacks which took place between March 2015 and October 2016.
"Russia as a state does not do hacking attacks," Kremlin spokesman Dmitry Peskov
Fancy Bear has been accused of being behind DCLeaks, the site which leaked emails from former NATO Commander General Philip Breedlove, emails connected to George Soros and his Open Society Foundation and Hillary Clinton emails. It was also linked to hacks on the World Anti-Doping Agency.
Fancy Bear was given its title by private security company CrowdStrike, which was hired by the Democratic National Committee after it was hacked during the 2016 election.
The company said Russian Intelligence Services-linked hacking groups, named APT28 and APT29, aka Cozy Bear, were behind the hack.
It tied an email phishing campaign, sent to more than 1,000 recipients, to APT29, and said some of the malware found on DNC computers was believed to be the same as that used by two hacking groups.
It connected a domain name registration to an IP address tied to Fancy Bear, and found cyrillic text in the leaked files.
Recent WikiLeaks releases pertaining to CIA hacking tools suggest the agency has the ability to mask its own hacks by stealing other hacking fingerprints, allowing it to attribute blame to others. The techniques include the ability to “add foreign languages” to malware.