
BERLIN, GERMANY – MARCH 01: In this photo illustration, artwork found on the Internet showing Fancy Bear is seen on the computer of the photographer during a session in the plenary hall of the Bundestag, the German parliament, on March 1, 2018 in Berlin, Germany. German authorities announced yesterday that administrative computers of the German government, including those of government ministries and parliament, had been infiltrated with malware. Authorities said they suspect the Russian hacker group APT28, also known as Fancy Bear. (Photo by Sean Gallup/Getty Images)
Russia’s 2020 hacking campaigns might have included a successful data breach at the US government. In the wake of a CISA notice warning of a cyberattack on an unnamed federal agency’s network, Wired and security company Dragos have obtained evidence suggesting Russia’s state-backed APT28 group, better known as Fancy Bear, was behind the hack.
The FBI reportedly sent alerts to some hacking victims in May warning that Fancy Bear was widely targeting US networks, including an IP address mentioned in the recent cyberattack notice. There was also “infrastructure overlap” and behavior patterns pointing to the Russian group, Dragos’ Joe Slowik said. Some of the IP addresses match criminal operations, but Slowik believed Fancy Bear might be reusing criminal tech to help cover its trail.
Security expert Costin Raiu added that an apparent copy of the malware uploaded to a research repository also appeared to be a unique combination of existing hacking tools that had no obvious connections to known hacking teams. While that doesn’t definitively link the malware to Fancy Bear, it suggests the attack was relatively sophisticated.
The intruders used compromised logins to plant malware and get “persistent” access to systems on the agency’s network, using that to steal files.
US officials haven’t responded to requests for comment.
While it wouldn’t be shocking if Russia was behind the breach, it would still be worrying. It would indicate that Russia was not only launching an assault on US government systems, but managed to grab substantial data. It’s just a question of whether or not the damage was severe enough to significantly hamper operations.