Threat Watch

Two Russian Groups Potentially Tied to Widespread Attacks on European Governments

Russia (Sandworm/Fancy Bear): Two well-known Russian hacking groups are believed to be behind attacks targeting a large number of European governments. Evidence gathered through investigations of the attacks shows tactics and infrastructure that have been tied to both Fancy Bear and Sandworm. The groups have been using spear phishing to gather credentials belonging to various members of multiple European governments from mid-2018 through the present. While it is not confirmed, it appears that the actions of each group are coordinated.

ANALYST NOTES

It is currently believed that the campaign was probably focused on gathering information from government systems that would allow Russia to make better-informed foreign policy decisions. It is also possible that the intention is to gather information to leak at a later date in an attempt to embarrass the affected governments.