Moscow Falsely 'Shames' the U.S. Over Russian Cyber Espionage Activities


A screenshot of the Russian Cyber Espionage group Fancy Bears' website
Russian foreign ministry


“Apparently, our American colleagues do not want to present any evidence of the ‘Russian cyber interference,’ which they supposedly have, and that is to avoid shame. There is not and there cannot be any [such evidence].”

False
Microsoft moved to stop Russian interference, not hide it

The Russian Foreign Ministry’s statement was a response to Microsoft’s announcement on August 20 that the company had moved to seize control of six internet domains affiliated with Russian military intelligence.

“Microsoft’s Digital Crimes Unit (DCU) successfully executed a court order to disrupt and transfer control of six internet domains created by a group widely associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28,” the president of Microsoft, Brad Smith, wrote in a blog post.

Smith also noted that Microsoft has used a similar approach “12 times in two years to shut down 84 fake Websites associated with the same group.”

RUSSIA -- A view of the four-story building known as the "troll factory" in St. Petersburg, February 17, 2018

The Russian Foreign Ministry’s denial of this evidence is false, and portraying Microsoft’s move as an attempt to hide evidence is nonsensical.

Multiple reports from governments and non-government cyber security firms worldwide are publicly available. These reports offer detailed forensic analyses that unveil the group’s cyber espionage and criminal hacking activities and demonstrate its affiliation with Russian military intelligence and the Russian government.

The group’s multiple nicknames have been revealed; they include Pawn Storm, Fancy Bear, APT28, Sofacy, STRONTIUM and others.

Detailed forensic evidence of Fancy Bear’s criminal activities and its direct connection to the Russian state was published in April 2017 by Trend Micro, a cyber security firm based in Tokyo, Japan.

For over seven years, Trend Micro tracked and documented Fancy Bear’s activities. The security firm has known of Fancy Bear’s existence since 2004. The chronology of the group’s cybercrimes documented in the report begins in June 2014.

Over two years, from 2014 to 2015, Fancy Bear:
  • Compromised Polish government websites;
  • Attacked a U.S. nuclear fuel dealer, setting up fake Outlook Access login pages for its employees;
  • Launched fake login page attacks against American and EU military and defense institutions;
  • Attacked corporate accounts of 55 employees of a U.S. newspaper;
  • Launched a massive Gmail phishing attack against three popular YouTube bloggers after they interviewed then-president Barack Obama;
  • Started using malicious iOS applications for espionage;
  • Launched an attack against NATO members;
  • Attacked the French channel, TV5Monde, putting its global channels off air;
  • Launched a domestic spying campaign targeting Russian dissidents, including the spouses of senior U.S. officials;
  • Set up a fake server mimicking the SFTP (Secure File Transfer Protocol) server of the Safety Board and created a fake Outlook Web Access server to target the MH17 investigation;
  • Launched a spear-phishing email attack against multiple foreign ministries worldwide using Adobe Flash exploit code.

The Trend Micro report said that in 2016 alone, the group’s activities increased by 400 percent and became more focused on cyber espionage, targeted cyber propaganda campaigns and hacking of high-profile political targets. During that presidential election year, United States political groups and individuals dominated the group’s targeting, though other victims included the Bulgarian army, the Polish Defense Ministry, Turkish and Arabic media outlets, Turkish, German, and French political parties, the Parliament of Montenegro, the World Anti-Doping Agency and many others.

Polygraph.info has previously debunked the Russian denials that Fancy Bear hacked into the World Anti-Doping Agency (WADA) and published confidential medical data of U.S. athletes.

A cyber security and forensic consulting firm, FireEye Inc., d/b/a Mandiant, hired by WADA, conducted an investigation into Fancy Bear, which, the firm said, led to Russian military intelligence.

WADA then published a report that called Fancy Bear a “Russian cyber espionage group” and revealed evidence of the group’s affiliation with the Russian military.

France - French presidential election candidate Marine Le Pen (2ndL) and French presidential election candidate Emmanuel Macron (R) arrive to pose prior to the start of a live broadcast face-to-face televised debate in television studios, Paris, May 03, 2017

We have also debunked a denial of Russia’s cyberattacks targeting the campaign of France’s then-presidential candidate Emmanuel Macron. Kremlin Press Secretary Dmitry Peskov said the evidence of such activities was just a “fantasy,” but the fact check showed the evidence was verifiable and plausible.
