Russia (Sandworm/Fancy Bear): Two well-known Russian hacking groups are believed to be behind attacks targeting a large number of European governments. Evidence gathered through investigations of the attacks shows tactics and infrastructure which has been tied to both Fancy Bear and Sandworm. The groups were utilizing spear phishing to gather credentials belonging to various members of multiple European governments since mid-2018 through the present. While it is not confirmed, it appears that the actions of each group are coordinated.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased