A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified—and appear likely to be part of a notorious team of cyberspies working in the service of Russia’s military intelligence agency, the GRU.
Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. It identified neither the attackers nor the agency, but it did detail the hackers’ methods and their use of a new and unique form of malware in an operation that successfully stole target data. Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest a likely answer to the mystery of who was behind the intrusion: They appear to be Fancy Bear, a team of hackers working for Russia’s GRU. Also known as APT28, the group has been responsible for everything from hack-and-leak operations targeting the 2016 US presidential election to a broad campaign of attempted intrusions targeting political parties, consultancies, and campaigns this year.