A Russian hacking group known as Fancy Bear targeted the emails of Democratic state parties in Indiana and California earlier this year as well as progressive think tanks, Reuters reported. The attempts were apparently not successful and were flagged by Microsoft, according to Reuters, with targets that included the Council on Foreign Relations, the Carnegie Endowment for International Peace, and the Center for American Progress.
The Russian embassy denied the allegations to Reuters, calling it “fake news.”
Fancy Bear has been connected to GRU, a Russian military intelligence agency, and in 2018, the Department of Justice indicted 12 members of GRU for hacking the Clinton campaign and the DNC. Fancy Bear was previously linked to the 2016 hacks of the Democratic National Committee and John Podesta, then-chair of the Clinton campaign. Emails collected through the hacks were published by WikiLeaks before the 2016 presidential election and proved damaging to the Clinton campaign.
Despite confirmation from the US intelligence community that the Russian government was behind the hack, President Trump has repeatedly expressed doubts that Russia was involved.
Microsoft said in a security report last month that Fancy Bear — also known as Strontium, or APT28 — was back and looking for targets related to the upcoming presidential election. The majority of the attacks were not successful, according to Microsoft, but Reuters previously reported that the hackers were targeting a communications firm working with the presidential campaign of Joe Biden and other prominent Democrats. The Biden campaign said at the time that a foreign actor had tried to breach the non-campaign email accounts of people affiliated with the campaign, but was not successful.
But Fancy Bear is nothing if not persistent, and according to cybersecurity firm FireEye, it’s known for going above and beyond the typical hack to get the information it wants. The group’s “unique history raises the prospect of follow-on information operations or other devastating activity,” FireEye warned in a note to customers.