Russian hackers behind DNC breach now targeting Europe, South America

Welcome to the Fancy Bear World Tour.

Alfred Ng Senior Reporter / CNET News

Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

See full bio

Alfred Ng

Oct. 4, 2018 6:00 a.m. PT

2 min read

The Russian hackers behind the DNC breach now have their sights set on governments in South America and Europe.
Aaron Robinson/CNET

The Russian hackers who meddled with the 2016 US presidential elections have been attacking governments in other continents, according to Symantec.

Researchers from the cybersecurity company spotted activity coming from Russian hackers targeting military and government organizations, embassies and international groups in South America and Europe.

The Sofacy Group, also known as Fancy Bear or APT28, is the Russian hacking organization that's been linked to multiple cyberattacks, including a malware campaign earlier this year that infected more than half a million routers around the world.

One of Fancy Bear's most notorious attacks was against the Democratic National Committee in 2016, where 12 hackers infected the organization's servers and stole emails from staffers in an effort to influence the presidential race.

It isn't new for government-supported hackers, like Fancy Bear, to attack other governments. Countries like Iran and North Korea also use cyberattacks to target other countries. But there's concern that these cyberattacks will continue to ramp up, with massive potential for international espionage.

The attacks on the US election in 2016 were highly publicized, as Russian hackers created fake accounts on social media to widely distribute stolen material. But Symantec researchers said the group has returned to a quieter strategy -- gathering information in the background without being detected.

Many of these attacks are using the same malware used against the DNC, including X-Agent, a virus that harvests data from an infected computer. They've also updated X-Tunnel, malware that was used during the DNC breach to compress stolen files and send it back to their own servers.

Symantec's researchers said they spotted this malware targeting government devices in Europe and South America, but did not specify what organizations or politicians have been affected.

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.