Pages

Friday, 24 November 2017

Russian Fancy Bear hackers' UK link revealed

Crookservers webpage
Russian hackers spent well over $6,000 at Crookservers
When Russia's most notorious hackers hired servers from a UK-registered company, they left a trove of clues behind, the BBC has discovered.

The hackers used the computers to attack the German parliament, hijack traffic meant for a Nigerian government website and target Apple devices.

The company, Crookservers, had claimed to be based in Oldham for a time. It says it acted swiftly to eject the hacking team - dubbed Fancy Bear - as soon as it learned of the problem.


Technical and financial records from Crookservers seen by the BBC suggest Fancy Bear had access to significant funds and made use of online financial services, some of which were later closed in anti-money laundering operations.

Fancy Bear - also known as APT28, Sofacy, Iron Twilight and Pawn Storm - has been linked to Russian intelligence.

The group played a key role in 2016's attack on the US's Democratic National Committee (DNC), according to security experts.

Indeed an internet protocol (IP) address that once belonged to a dedicated server hired via Crookservers was discovered in malicious code used in the breach