After endless weeks of news stories dealing with ‘Russia’ and ‘hacking’ I was convinced that no other reporting could be done on the topic. It wasn’t until I actually read the unclassified intel report released at the beginning of this month that something peeked my attention. The most recent group who hacked into the DNC was the cyber security team subordinate to a Russian military intelligence agency – the GRU’s Fancy Bear team.
Fancy Bear (Прикольный медведь) is a cyber hacking and espionage group associated with the Russian military. As with any cyber hacking team it is always difficult to interpret which group may responsible for which attack, but organizations such as ThreatConnnect, CrowdStrike, and SecureWorks have assessed with medium to high confidence that Fancy Bear is directly subordinate to the Russian GRU – Military Intelligence. (Гла́вное разве́дывательное управле́ние, aka the Main Intelligence Directorate) In recent years Fancy Bear is believed to have attacked:
- The German Parliament
- The French television network TV5Monde
- The Democratic National Committee
- Ukrainian artillery equipment
The use of the GRU’s Fancy Bear unit is especially interesting when considering the fact that another Russian group had previously hacked into the DNC,the FSB’s hacking group – Cozy Bear. (the Federal Security Service of the Russian Federation, Федеральная служба безопасности Российской Федерации) The FSB is the primary successor of the Soviet era KGB, and it is concerned with domestic surveillance and counter terrorism operations.
This leaves two possibilities as a result of both agencies hacking into the DNC at different times. Either the two organizations, the GRU’s Fancy Bear and the FSB’s Cozy Bear hacking groups are issued generalized directives that leaves them to compete with one another for inter-agency prestige and funding rights (similar to American intelligence agencies); or, as a result of the information first found by the FSB’s Cozy Bear, the Kremlin (and most likely Vladimir Putin) then tasked its military agency,the GRU, to see through future hacks of the DNC by its military unit.
If the former case is correct, it is possible that the Kremlin issued more of a blanketed directive which authorizes its cyber security and information operation groups to target any political groups or NGOs in order to cultivate its own intelligence regarding American politics. But if the latter is true, it reflects the severity and importance in which the Kremlin placed on the hacks leading up to the 2016 presidential election. Utilizing a military intelligence agency to follow up on what most cyber security experts would describe as a simple trick; phishing, speaks more to the aggressive and important nature of the hacks rather than the hacking itself.
Since Vladimir Putin’s return to office in 2012, the West has experienced a growing number of old Soviet KGB tricks like the honey trap, information warfare, and propaganda; now the Kremlin has quite possibly also reverted back to political warfare as well.