Strontium: A Cyber-Espionage Group


From the UPSC perspective, the following points are important:

Prelims level: Strontium

Mains level: Cyber espionage

Recently, Microsoft said that it had disrupted cyberattacks from a Russian nation-state hacking group called ‘Strontium’.

What is Strontium?

  • Strontium, also known as Fancy Bear, Tsar Team, Pawn Storm, Sofacy, Sednit or Advanced Persistent Threat 28 (APT28) group, is a highly active and prolific cyber-espionage group.
  • It is one of the most active APT groups and has been operating since at least the mid-2000s, making it one of the world’s oldest cyber-spy groups.
  • It has access to highly sophisticated tools to conduct spy operations, and has been attacking targets in the US, Europe, Central Asia and West Asia.
  • The group is said to be connected to the GRU, the Russian Armed Forces’ main military intelligence wing.
  • The GRU’s cyber units are believed to have been responsible for several cyberattacks over the years and its unit 26165 is identified as Fancy Bear.

How does it attack networks?

  • The group deploys diverse malware and malicious tools to breach networks.
  • In the past, it has used X-Tunnel, SPLM (or CHOPSTICK and X-Agent), GAMEFISH and Zebrocy to attack targets.
  • These tools can be used as hooks in system drivers to access local passwords, and can track keystrokes and mouse movements and control webcams and USB drives.
  • APT28 uses spear-phishing (targeted campaigns to gain access to an individual’s account) and zero-day exploits (taking advantage of unknown computer-software vulnerabilities) to target specific individuals and organizations.
  • It has used spear-phishing and sometimes watering-hole attacks to steal information, such as account credentials, sensitive communications and documents.
  • A watering hole attack compromises a site that a targeted victim visits to gain access to the victim’s computer and network.

