From the UPSC perspective, the following points are important:
Prelims level : Strontium
Mains level : Cyber espionage
Recently, Microsoft said that it had disrupted cyberattacks from a Russian nation-state hacking group called ‘Strontium’.
What is Strontium?
- Strontium, also known as Fancy Bear, Tsar Team, Pawn Storm, Sofacy, Sednit or Advanced Persistent Threat 28 (APT28) group, is a highly active and prolific cyber-espionage group.
- It is one of the most active APT groups and has been operating since at least the mid-2000s, making it one of the world’s oldest cyber-spy groups.
- It has access to highly sophisticated tools to conduct spy operations, and has been attacking targets in the US, Europe, Central Asia and West Asia.
- The group is said to be connected to the GRU, the Russian Armed Forces’ main military intelligence wing.
- The GRU’s cyber units are believed to have been responsible for several cyberattacks over the years and its unit 26165 is identified as Fancy Bear.
How does it attack networks?
- The group deploys diverse malware and malicious tools to breach networks.
- In the past, it has used X-Tunnel, SPLM (also known as CHOPSTICK or X-Agent), GAMEFISH and Zebrocy to attack targets.
- These tools can hook into system drivers to harvest local passwords, log keystrokes and mouse movements, and control webcams and USB drives.
- APT28 uses spear-phishing (targeted campaigns to gain access to an individual’s account) and zero-day exploits (taking advantage of software vulnerabilities not yet known to the vendor or the public) to target specific individuals and organizations.
- It has used spear-phishing and sometimes watering-hole attacks to steal information, such as account credentials, sensitive communications and documents.
- A watering-hole attack compromises a website that the intended victim is known to visit, so that a visit to the site gives the attacker access to the victim’s computer and network.