Global RDoS Campaign – Fancy Bear


October 24, 2019 03:00 PM

Over the last week, Radware’s Emergency Response Team (ERT) has been tracking an emerging global ransom denial of service (RDoS) campaign from a group identifying itself as the Russian cyber espionage group, Fancy Bear.

Download Complete Alert

Abstract

Over the last week, Radware’s Emergency Response Team (ERT) has been tracking an emerging global ransom denial of service (RDoS) campaign from a group identifying itself as the Russian cyber espionage group, Fancy Bear. This campaign is similar to the one Radware reported on two years ago. This new group has been distributing extortion emails to financial institutions globally for the past week. As of this moment, victims are still receiving ransom notes.


Figure 1: 2019 Fancy Bear Extortion Letter (Current)

Background

In mid-October 2019, Radware’s ERT began mitigating sample attacks launched by an RDoS group claiming to be Fancy Bear. The extortionists currently behind this campaign attempted to intimidate their victims by using the name of APT28 (Fancy Bear), an infamous cyber-espionage group. APT28 is a Russian-backed cyber espionage group that is also known as Pawn Storm, Sofacy Group, Tsar Team and Fancy Bear and is notorious for international hacking related to influence and disinformation operations. RDoS attacks are not the modus operandi for Fancy Bears’ to date.

Starting in October 2019, almost 2 years after the first major campaign leveraged the name, Fancy Bear began appearing on extortion letters again in a new RDoS campaign. This time, Fancy Bear is requesting 2 bitcoins, $17,400 at the time of delivery, with the ransom increasing by one bitcoin every day without payment.

Continue Reading...

Click here to download a copy of the full ERT Threat Alert.

Download the full threat alert Now

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia