Fancy Bear Leveraging OVH


Just curious as to why Fancy Bear is hosting files on OVH Hosting and nobody is taking it down! More than likely, it is a compromised server in the OVH space that they are leveraging to attack adversaries, or they are getting help.

OVH did not respond to our notification and the offending files are still being hosted.

Who is Fancy Bear?

Fancy Bear (also known as APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM) is a cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. Security firms SecureWorks, ThreatConnect, and FireEye's Mandiant have also said the group is sponsored by the Russian government.

The name "Fancy Bear" does not originate from the hacker group itself, but was derived from a coding system that security researcher Dmitri Alperovitch uses for identifying hackers.

Likely operating since the mid-2000s, Fancy Bear's methods are consistent with the capabilities of nation-state actors. The threat group is known to target government, military, and security organizations, especially Transcaucasian and NATO-aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the French television station TV5Monde, the White House, NATO, the Democratic National Committee, the Organization for Security and Co-operation in Europe and the campaign of French presidential candidate Emmanuel Macron.

The group serves the political interests of the Russian government, which includes helping foreign candidates that are favored by it to win elections (such as when they leaked Hillary Clinton's emails to help gain traction for Donald Trump during the United States 2016 Elections).

Fancy Bear's behavior has been classified as an advanced persistent threat. They employ zero-day vulnerabilities and use spear phishing and malware to compromise targets.

© 2017-2018 Jigsaw Security Enterprise Inc.
