Recently, Microsoft said that it had disrupted cyberattacks from a Russian nation-state hacking group called ‘Strontium’.

What is Strontium?

• Strontium, also known as Fancy Bear, Tsar Team, Pawn Storm, Sofacy, Sednit or Advanced Persistent Threat 28 (APT28) group, is a highly active and prolific cyber-espionage group.
• It is one of the most active APT groups and has been operating since at least the mid-2000s, making it one of the world’s oldest cyber-spy groups.
• It has access to highly sophisticated tools to conduct spy operations, and has been attacking targets in the US, Europe, Central Asia and West Asia.
• The group is said to be connected to the GRU, the Russian Armed Forces’ main military intelligence wing.
• The GRU’s cyber units are believed to have been responsible for several cyberattacks over the years and its unit 26165 is identified as Fancy Bear.

How does it attack networks?

• The group deploys diverse malware and malicious tools to breach networks.
• In the past, it has used X-Tunnel, SPLM (or CHOPSTICK and X-Agent), GAMEFISH and Zebrocy to attack targets.
• These tools can be used as hooks in system drivers to access local passwords, and can track keystroke, mouse movements, and control webcam and USB drives.
• APT28 uses spear-phishing (targeted campaigns to gain access to an individual’s account) and zero-day exploits (taking advantage of unknown computer-software vulnerabilities) to target specific individuals and organizations.
• It has used spear-phishing and sometimes water-holing to steal information, such as account credentials, sensitive communications and documents.
• A watering hole attack compromises a site that a targeted victim visits to gain access to the victim’s computer and network.

UPSC 2022 countdown has begun! Get your personal guidance plan now! (Click here)

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now