Misplaced Pages

#863136

134-533: Fancy Bear is classified by FireEye as an advanced persistent threat . Among other things, it uses zero-day exploits, spear phishing and malware to compromise targets. The group promotes the political interests of the Russian government, and is known for hacking Democratic National Committee emails to attempt to influence the outcome of the United States 2016 presidential elections. The name "Fancy Bear" comes from

268-865: A Washington Post columnist, Shane Harris , a Daily Beast writer who in 2015 covered intelligence issues, Michael Weiss , a CNN security analyst, Jamie Kirchick with the Brookings Institution , 30 media targets in Ukraine, many at the Kyiv Post , reporters who covered the Russian-backed war in eastern Ukraine , as well as in Russia where the majority of journalists targeted by the hackers worked for independent news (e.g. Novaya Gazeta or Vedomosti ) such as Ekaterina Vinokurova at Znak.com and mainstream Russian journalists Tina Kandelaki , Ksenia Sobchak , and

402-766: A KGB foreign intelligence officer for 16 years, rising to the rank of lieutenant colonel . He resigned in 1991 to begin a political career in Saint Petersburg. In 1996, he moved to Moscow to join the administration of President Boris Yeltsin . He briefly served as the director of the Federal Security Service (FSB) and then as secretary of the Security Council of Russia before being appointed prime minister in August 1999. Following Yeltsin's resignation, Putin became acting president and, in less than four months,

536-487: A full-scale invasion of Ukraine , which prompted international condemnation and led to expanded sanctions . In September 2022, he announced a partial mobilization and forcibly annexed four Ukrainian oblasts into Russia . In March 2023, the International Criminal Court issued an arrest warrant for Putin for war crimes related to his alleged criminal responsibility for illegal child abductions during

670-591: A plagiarist according to Western standards. One book from which he copied entire paragraphs is the Russian-language edition of King and Cleland 's Strategic Planning and Policy (1978). Balzer wrote on the Putin thesis and Russian energy policy and concludes along with Olcott that "The primacy of the Russian state in the country’s energy sector is non-negotiable", and cites the insistence on majority Russian ownership of any joint-venture, particularly since BASF signed

804-566: A war in eastern Ukraine through several military incursions, resulting in international sanctions and a financial crisis in Russia . He also ordered a military intervention in Syria to support his ally Bashar al-Assad during the Syrian civil war , ultimately securing permanent naval bases in the Eastern Mediterranean . In February 2022, during his fourth presidential term, Putin launched

938-557: A zero-day vulnerability in most Microsoft Windows versions that is the subject of active malware attacks. On November 1, 2016, Microsoft Executive Vice President of the Windows and Devices Group Terry Myerson posted to Microsoft's Threat Research & Response Blog, acknowledging the vulnerability and explaining that a "low-volume spear-phishing campaign" targeting specific users had utilized "two zero-day vulnerabilities in Adobe Flash and

1072-524: A 'grand bargain' with them. This bargain allowed the oligarchs to maintain most of their powers, in exchange for their explicit support for—and alignment with—Putin's government. The Moscow theater hostage crisis occurred in October 2002. Many in the Russian press and in the international media warned that the deaths of 130 hostages in the special forces' rescue operation during the crisis would severely damage President Putin's popularity. However, shortly after

1206-479: A U.S. federal grand jury of seven Russian men, all GRU officers, in relation to the attacks was unsealed. The indictment states that from December 2014 until a least May 2018, the GRU officers conspired to conduct "persistent and sophisticated computer intrusions affecting U.S. persons, corporate entities, international organizations, and their respective employees located around the world, based on their strategic interest to

1340-454: A coding system security researcher Dmitri Alperovitch uses to identify hackers. Likely operating since the mid-2000s, Fancy Bear's methods are consistent with the capabilities of state actors. The group targets government, military, and security organizations, especially Transcaucasian and NATO -aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament ,

1474-521: A concurrent SOFACY attributed exploit against the German Bundestag and credited root9B with having reported, "the same IP address used as Command & Control server in the attack against Bundestag (176.31.112.10)", and went on to say that based on his examination of the Bundestag attack, "at least some" indicators contained within root9B's report appeared accurate, including a comparison of the hash of

SECTION 10

#1732898858864

1608-569: A few in his class of about 45 pupils who were not yet members of the Young Pioneer ( Komsomol ) organization. At the age of 12, he began to practice sambo and judo. In his free time, he enjoyed reading the works of Karl Marx , Friedrich Engels , and Lenin. Putin attended Saint Petersburg High School 281 with a German language immersion program. He is fluent in German and often gives speeches and interviews in that language. Putin studied law at

1742-465: A furor among the German press corps. When asked about the incident in a January 2016 interview with Bild , Putin claimed he was not aware of her phobia, adding, "I wanted to make her happy. When I found out that she did not like dogs, I of course apologized." Merkel later told a group of reporters, "I understand why he has to do this – to prove he's a man. He's afraid of his own weakness. Russia has nothing, no successful politics or economy. All they have

1876-417: A group researching the shooting down of Malaysia Airlines Flight 17 over Ukraine, were targeted by numerous spearphishing emails. The messages were fake Gmail security notices with Bit.ly and TinyCC shortened URLs. According to ThreatConnect , some of the phishing emails had originated from servers that Fancy Bear had used in previous attacks elsewhere. Bellingcat is known for having demonstrated that Russia

2010-445: A link to a spoof website that is designed to mimic a real webmail interface, users will attempt to login and their credentials will be stolen. The URL is often obscured as a shortened bit.ly link in order to get past spam filters . Fancy Bear sends these phishing emails primarily on Mondays and Fridays. They also send emails purportedly containing links to news items, but instead linking to malware drop sites that install toolkits onto

2144-496: A member of the Saint Petersburg city government, was one of the suspects, was dropped. On 30 December 2000, yet another case against the prosecutor general was dropped "for lack of evidence", despite thousands of documents having been forwarded by Swiss prosecutors. On 12 February 2001, Putin signed a similar federal law which replaced the decree of 1999. A case regarding Putin's alleged corruption in metal exports from 1992

2278-509: A news media company that must move information. Security firm root9B released a report on Fancy Bear in May 2015 announcing its discovery of a targeted spear phishing attack aimed at financial institutions. The report listed international banking institutions that were targeted, including the United Bank for Africa , Bank of America , TD Bank , and UAE Bank. According to the root9B, preparations for

2412-530: A number of implants, including Foozer, WinIDS, X-Agent , X-Tunnel, Sofacy, and DownRange droppers. Based on compile times, FireEye concluded that Fancy Bear has consistently updated their malware since 2007. To avert detection, Fancy Bear returns to the environment to switch their implants, changes its command and control channels, and modifies its persistent methods. The threat group implements counter-analysis techniques to obfuscate their code . They add junk data to encoded strings, making decoding difficult without

2546-439: A physical location to enable network attacks. The purpose of these attacks is to install custom malware (malicious software) . APT attacks on mobile devices have also become a legitimate concern, since attackers are able to penetrate into cloud and mobile infrastructure to eavesdrop, steal, and tamper with data. The median "dwell-time", the time an APT attack goes undetected, differs widely between regions. FireEye reported

2680-616: A potential successor. Following the September 1999 Russian apartment bombings and the invasion of Dagestan by mujahideen , including the former KGB agents, based in the Chechen Republic of Ichkeria , Putin's law-and-order image and unrelenting approach to the Second Chechen War soon combined to raise his popularity and allowed him to overtake his rivals. While not formally associated with any party, Putin pledged his support to

2814-546: A private taxi driver to earn extra money, or considered such a job. On 28 June 1991, Putin became head of the Committee for External Relations of the Mayor's Office , with responsibility for promoting international relations and foreign investments and registering business ventures. Within a year, Putin was investigated by the city legislative council led by Marina Salye . It was concluded that he had understated prices and permitted

SECTION 20

#1732898858864

2948-477: A specific target similar to the chess strategy," known as pawn storm . Network security firm FireEye released a detailed report on Fancy Bear in October 2014. The report designated the group as "Advanced Persistent Threat 28" (APT28) and described how the hacking group used zero-day exploits of the Microsoft Windows operating system and Adobe Flash . The report found operational details indicating that

3082-496: A technical feat that would require large numbers of programmers seeking out previously unknown vulnerabilities in top-of-the-line commercial software. This is regarded as a sign that Fancy Bear is a state-run program and not a gang or a lone hacker. One of Fancy Bear's preferred targets is web-based email services. A typical compromise will consist of web-based email users receiving an email urgently requesting that they change their passwords to avoid being hacked. The email will contain

3216-776: A time of heightened tensions between the Ecumenical Patriarchate, the seniormost of all the Eastern Orthodox Churches , and the Russian Orthodox Church (the Moscow Patriarchate) over the issue of the full ecclesiastical independence ( autocephaly ) for the Orthodox Church in Ukraine , sought after by the Ukrainian government. The publication cited experts as saying that the grant of autocephaly to

3350-597: A version of the ADVSTORESHELL implant that had been used to target defense contractors. An hour and a half following the block, Fancy Bear actors had compiled and delivered a new backdoor for the implant. Unit 26165 was involved in the design of the curriculum at several Moscow public schools, including School 1101. Fancy Bear sometimes creates online personas to sow disinformation, deflect blame, and create plausible deniability for their activities. Advanced persistent threat An advanced persistent threat ( APT )

3484-750: A weak cyber link that are neither well understood nor mitigated, constituting a significant attack vector. Multiple organizations may assign different names to the same actor. As separate researchers could each have their own varying assessments of an APT group, companies such as CrowdStrike , Kaspersky , Mandiant , and Microsoft , among others, have their own internal naming schemes. Names between different organizations may refer to overlapping but ultimately different groups, based on various data gathered. CrowdStrike assigns animals by nation-state or other category, such as "Kitten" for Iran and "Spider" for groups focused on cybercrime. Other companies have named groups based on this system — Rampant Kitten, for instance,

3618-414: Is a Russian politician and former intelligence officer who has served as President of Russia since 2012, having previously served from 2000 to 2008. Putin also served as Prime Minister of Russia from 1999 to 2000 and again from 2008 to 2012. At 24 years, 10 months and 29 days, he is the longest-serving Russian or Soviet leader since the 30-year tenure of Joseph Stalin . Putin worked as

3752-831: Is a stealthy threat actor , typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals. Such threat actors' motivations are typically political or economic. Every major business sector has recorded instances of cyberattacks by advanced actors with specific goals, whether to steal, spy, or disrupt. These targeted sectors include government, defense , financial services , legal services , industrial , telecoms , consumer goods and many more. Some groups utilize traditional espionage vectors, including social engineering , human intelligence and infiltration to gain access to

3886-473: Is culpable for the shooting down of MH17, and is frequently derided by the Russian media. The group targeted the Dutch Safety Board , the body conducting the official investigation into the crash, before and after the release of the board's final report. They set up fake SFTP and VPN servers to mimic the board's own servers, likely for the purpose of spearphishing usernames and passwords. A spokesman for

4020-466: Is not based on promises." Putin was barred from a third consecutive term by the Constitution . First Deputy Prime Minister Dmitry Medvedev was elected his successor. In a power-switching operation on 8 May 2008 , only a day after handing the presidency to Medvedev, Putin was appointed Prime Minister of Russia , maintaining his political dominance. Putin has said that overcoming the consequences of

4154-483: Is not known whether the emails are fully authentic, because of Fancy Bear's history of salting stolen emails with disinformation. The mode of attack was also not known, but was probably phishing. Cyber Security experts have also claimed that attacks also appear to have been targeting the professional sports drug test bottling company known as the Berlinger Group. The Swedish Sports Confederation reported Fancy Bear

Fancy Bear - Misplaced Pages Continue

4288-471: Is tasked with coordinating the US military's offensive and defensive cyber operations. Numerous sources have alleged that some APT groups are affiliated with, or are agents of, governments of sovereign states . Businesses holding a large quantity of personally identifiable information are at high risk of being targeted by advanced persistent threats, including: A Bell Canada study provided deep research into

4422-756: Is this." In a speech in February 2007 at the Munich Security Conference , Putin complained about the feeling of insecurity engendered by the dominant position in geopolitics of the United States and observed that a former NATO official had made rhetorical promises not to expand into new countries in Eastern Europe. On 14 July 2007, Putin announced that Russia would suspend implementation of its Treaty on Conventional Armed Forces in Europe obligations, effective after 150 days, and suspend its ratification of

4556-597: The Adapted Conventional Armed Forces in Europe Treaty , which treaty was shunned by NATO members abeyant Russian withdrawal from Transnistria and the Republic of Georgia . Moscow continued to participate in the joint consultative group, because it hoped that dialogue could lead to the creation of an effective, new conventional arms control regime in Europe. Russia did specify steps that NATO could take to end

4690-572: The Federal Security Service (FSB), the primary intelligence and security organization of the Russian Federation and the successor to the KGB. In 1999, Putin described communism as "a blind alley, far away from the mainstream of civilization". On 9 August 1999, Putin was appointed one of three first deputy prime ministers, and later on that day, was appointed acting prime minister of the Government of

4824-433: The Mayor of Leningrad . Putin claims that he resigned with the rank of lieutenant colonel on 20 August 1991, on the second day of the 1991 Soviet coup d'état attempt against Soviet president Mikhail Gorbachev . Putin said: "As soon as the coup began, I immediately decided which side I was on", although he noted that the choice was hard because he had spent the best part of his life with "the organs". In May 1990, Putin

4958-783: The Norwegian parliament , the French television station TV5Monde , the White House , NATO, the Democratic National Committee , the Organization for Security and Co-operation in Europe and the campaign of French presidential candidate Emmanuel Macron . Trend Micro designated the actors behind the Sofacy malware as Operation Pawn Storm on October 22, 2014. The name was due to the group's use of "two or more connected tools/tactics to attack

5092-663: The Permanent Arbitration Court in The Hague . On 7 October 2006, Anna Politkovskaya , a journalist who exposed corruption in the Russian army and its conduct in Chechnya , was shot in the lobby of her apartment building, on Putin's birthday. The death of Politkovskaya triggered international criticism, with accusations that Putin had failed to protect the country's new independent media. Putin himself said that her death caused

5226-623: The Presidential Staff , a post which he retained until May 1998, and chief of the Main Control Directorate of the Presidential Property Management Department (until June 1998). His predecessor in this position was Alexei Kudrin and his successor was Nikolai Patrushev , both future prominent politicians and Putin's associates. On 3 April 1997, Putin was promoted to 1st class Active State Councillor of

5360-488: The Russian economy grew on average by seven percent per year, driven by economic reforms and a fivefold increase in the price of oil and gas. Additionally, Putin led Russia in a conflict against Chechen separatists , reestablishing federal control over the region. While serving as prime minister under Medvedev, he oversaw a military conflict with Georgia and enacted military and police reforms . In his third presidential term, Russia annexed Crimea and supported

5494-614: The Ukrainian army CrowdStrike's numbers were incorrect and that losses in artillery weapons "were way below those reported" and that these losses "have nothing to do with the stated cause". CrowdStrike has since revised this report after the International Institute for Strategic Studies (IISS) disavowed its original report, claiming that the malware hacks resulted in losses of 15–20% rather than their original figure of 80%. On October 31, 2016, Google 's Threat Analysis Group revealed

Fancy Bear - Misplaced Pages Continue

5628-647: The command and control network traffic associated with APT can be detected at the network layer level with sophisticated methods. Deep log analyses and log correlation from various sources is of limited usefulness in detecting APT activities. It is challenging to separate noises from legitimate traffic. Traditional security technology and methods have been ineffective in detecting or mitigating APTs. Active cyber defense has yielded greater efficacy in detecting and prosecuting APTs (find, fix, finish) when applying cyber threat intelligence to hunt and adversary pursuit activities. Human-Introduced Cyber Vulnerabilities (HICV) are

5762-500: The destruction battalion of the NKVD . Later, he was transferred to the regular army and was severely wounded in 1942. Putin's maternal grandmother was killed by the German occupiers of Tver region in 1941, and his maternal uncles disappeared on the Eastern Front during World War II. On 1 September 1960, Putin started at School No. 193 at Baskov Lane, near his home. He was one of

5896-521: The "Fancy Bear" group. The attack was detected by cybersecurity firm Context Information Security which identified that an unauthorised remote access to IAAF's servers had taken place on February 21. IAAF stated that the hackers had accessed the Therapeutic Use Exemption applications, needed to use medications prohibited by WADA. Researchers from Trend Micro in 2017 released a report outlining attempts by Fancy Bear to target groups related to

6030-477: The "Fancy Bears Hack Team" online persona leaked what appeared to be stolen International Olympic Committee (IOC) and U.S. Olympic Committee emails, dated from late 2016 to early 2017, were leaked in apparent retaliation for the IOC's banning of Russian athletes from the 2018 Winter Olympics as a sanction for Russia's systematic doping program . The attack resembles the earlier World Anti-Doping Agency (WADA) leaks. It

6164-486: The 15th anniversary party of Gazprom , its employees threatened Ukraine with a stoppage of flow. On 4 April 2008 at the NATO Bucharest summit , invitee Putin told George W. Bush and other conference delegates: "We view the appearance of a powerful military bloc on our border as a direct threat to the security of our nation. The claim that this process is not directed against Russia will not suffice. National security

6298-669: The 1930s, died in infancy, and Viktor, born in 1940, died of diphtheria and starvation in 1942 during the Siege of Leningrad by Nazi Germany 's forces in World War II . Putin's mother was a factory worker, and his father was a conscript in the Soviet Navy , serving in the submarine fleet in the early 1930s. During the early stage of the Nazi invasion of the Soviet Union , his father served in

6432-696: The AIVD, said on EenVandaag that the hackers were Russian and had tried to gain access to secret government documents. In a briefing to parliament, Dutch Minister of the Interior and Kingdom Relations Ronald Plasterk announced that votes for the Dutch general election in March 2017 would be counted by hand. The officials of International Association of Athletics Federations (IAAF) stated in April 2017 that its servers had been hacked by

6566-633: The Church in Ukraine would erode the power and prestige of the Moscow Patriarchate and would undermine its claims of transnational jurisdiction. Cyber attacks also targeted Orthodox Christians in other countries as well as Muslims, Jews and Catholics in the United States, Ummah, an umbrella group for Ukrainian Muslims, the papal nuncio in Kyiv and Yosyp Zisels, who directs Ukraine's Association of Jewish Organizations and Communities. In October 2018, an indictment by

6700-609: The Czech National Cyber and Information Security Agency  [ cs ] reported a cyber-espionage incident in an unnamed strategic institution, possibly the Ministry of Foreign Affairs , most likely carried out by Fancy Bear. In August 2020 the Norwegian Storting reported a "significant cyber attack" on their e-mail system. In September 2020, Norway's foreign minister , Ine Marie Eriksen Søreide , accused Russia of

6834-680: The DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains". According to the August 2018 report by the Associated Press , Fancy Bear had been for years targeting the email correspondence of the officials of the Ecumenical Patriarchate of Constantinople headed by the Ecumenical Patriarch Bartholomew I . The publication appeared at

SECTION 50

#1732898858864

6968-561: The DNC's network for over a year, Fancy Bear had only been there a few weeks. According to CrowdStrike from 2014 to 2016, the group used Android malware to target the Ukrainian Army's Rocket Forces and Artillery . They distributed an infected version of an Android app whose original purpose was to control targeting data for the D-30 Howitzer artillery. The app, used by Ukrainian officers,

7102-480: The DSB said the attacks were not successful. Fancy Bear carried out spear phishing attacks on email addresses associated with the Democratic National Committee in the first quarter of 2016. On March 10, phishing emails that were mainly directed at old email addresses of 2008 Democratic campaign staffers began to arrive. One of these accounts may have yielded up to date contact lists. The next day, phishing attacks expanded to

7236-436: The East German communist regime commended Putin with a bronze medal for "faithful service to the National People's Army ". Putin has publicly conveyed delight over his activities in Dresden, once recounting his confrontations with anti-communist protestors of 1989 who attempted the occupation of Stasi buildings in the city. "Putin and his colleagues were reduced mainly to collecting press clippings , thus contributing to

7370-443: The Fancy Bear phishing target list. Russian social media trolls have also been known to hype and rumor monger the threat of potential Islamic State terror attacks on U.S. soil in order to sow fear and political tension. On April 8, 2015, French television network TV5Monde was the victim of a cyber-attack by a hacker group calling itself "CyberCaliphate" and claiming to have ties to the terrorist organization Islamic State of Iraq and

7504-493: The Gazprom Nord Stream - Yuzhno-Russkoye deal in 2004 with a 49–51 structure, as opposed to the older 50–50 split of British Petroleum 's TNK-BP project. In 1975, Putin joined the KGB and trained at the 401st KGB School in Okhta, Leningrad . After training, he worked in the Second Chief Directorate ( counterintelligence ), before he was transferred to the First Chief Directorate , where he monitored foreigners and consular officials in Leningrad. In September 1984, Putin

7638-404: The German Democratic Republic or of the USSR. He explained that many documents were left to Germany only because the furnace burst but many documents of the KGB villa were sent to Moscow. After the collapse of the Communist East German government , Putin was to resign from active KGB service because of suspicions aroused regarding his loyalty during demonstrations in Dresden and earlier, although

7772-411: The Iranian government might consider the Stuxnet creators to be an advanced persistent threat. Within the computer security community, and increasingly within the media, the term is almost always used in reference to a long-term pattern of sophisticated computer network exploitation aimed at governments, companies, and political activists, and by extension, also to ascribe the A, P and T attributes to

7906-435: The January 2015 terrorist attacks were "gifts" for his "unforgivable mistake" of partaking in conflicts that "[serve] no purpose". The director-general of TV5Monde, Yves Bigot, later said that the attack nearly destroyed the company; if it had taken longer to restore broadcasting, satellite distribution channels would have been likely to cancel their contracts. The attack was designed to be destructive, both of equipment and of

8040-492: The KGB and the Soviet Army still operated in eastern Germany. He returned to Leningrad in early 1990 as a member of the "active reserves", where he worked for about three months with the International Affairs section of Leningrad State University , reporting to Vice-Rector Yuriy Molchanov , while working on his doctoral dissertation. There, he looked for new KGB recruits, watched the student body, and renewed his friendship with his former professor, Anatoly Sobchak , soon to be

8174-458: The KGB villa in Dresden for the official authorities of the would-be united Germany to prevent demonstrators, including KGB and Stasi agents, from obtaining and destroying them. He then supposedly burnt only the KGB files, in a few hours, but saved the archives of the Soviet Cultural Center for the German authorities. Nothing is told about the selection criteria during this burning; for example, concerning Stasi files or about files of other agencies of

SECTION 60

#1732898858864

8308-506: The Kremlin in the United States, Ukraine, Russia, Georgia, and Syria. Only a handful of Republicans were targeted, however. An AP analysis of 4,700 email accounts that had been attacked by Fancy Bear concluded that no country other than Russia would be interested in hacking so many very different targets that seemed to have nothing else in common other than their being of interest to the Russian government. Fancy Bear also seems to try to influence political events in order for friends or allies of

8442-409: The Kremlin. Khodorkovsky was arrested, Yukos was bankrupted, and the company's assets were auctioned at below-market value, with the largest share acquired by the state company Rosneft . The fate of Yukos was seen as a sign of a broader shift of Russia towards a system of state capitalism . This was underscored in July 2014, when shareholders of Yukos were awarded $ 50 billion in compensation by

8576-484: The Kremlin. According to the Associated Press and SecureWorks, this group of journalists is the third largest group targeted by Fancy Bear after diplomatic personnel and U.S. Democrats. Fancy Bear's targeted list includes Adrian Chen , the Armenian journalist Maria Titizian, Eliot Higgins at Bellingcat , Ellen Barry and at least 50 other New York Times reporters, at least 50 foreign correspondents based in Moscow who worked for independent news outlets, Josh Rogin ,

8710-464: The Leningrad State University named after Andrei Zhdanov (now Saint Petersburg State University ) in 1970 and graduated in 1975. His thesis was on "The Most Favored Nation Trading Principle in International Law". While there, he was required to join the Communist Party of the Soviet Union (CPSU); he remained a member until it ceased to exist in 1991. Putin met Anatoly Sobchak , an assistant professor who taught business law , and who later became

8844-403: The Levant (ISIL). French investigators later discounted the theory that militant Islamists were behind the cyber-attack, instead suspecting the involvement of Fancy Bear. Hackers breached the network's internal systems, possibly aided by passwords openly broadcast by TV5, overriding the broadcast programming of the company's 12 channels for over three hours. Service was only partially restored in

8978-441: The RAF in West Germany. Klaus Zuchold, who claimed to be recruited by Putin, said that Putin handled a neo-Nazi , Rainer Sonntag, and attempted to recruit an author of a study on poisons. Putin reportedly met Germans to be recruited for wireless communications affairs together with an interpreter. He was involved in wireless communications technologies in South-East Asia due to trips of German engineers, recruited by him, there and to

9112-492: The Russian Federation by President Yeltsin . Yeltsin also announced that he wanted to see Putin as his successor. Later on that same day, Putin agreed to run for the presidency. On 16 August, the State Duma approved his appointment as prime minister with 233 votes in favor (vs. 84 against, 17 abstained), while a simple majority of 226 was required, making him Russia's fifth prime minister in fewer than eighteen months. On his appointment, few expected Putin, virtually unknown to

9246-465: The Russian Federation that are political enemies of the Kremlin, including former oil tycoon Mikhail Khodorkovsky , and Maria Alekhina of the band Pussy Riot . SecureWorks, a cybersecurity firm headquartered in the United States, concluded that from March 2015 to May 2016, the "Fancy Bear" target list included not merely the United States Democratic National Committee and the Republican National Committee as well, but tens of thousands of foes of Putin and

9380-409: The Russian Federation —the highest federal state civilian service rank . On 27 June 1997, at the Saint Petersburg Mining Institute , guided by rector Vladimir Litvinenko , Putin defended his Candidate of Science dissertation in economics, titled Strategic Planning of the Reproduction of the Mineral Resource Base of a Region under Conditions of the Formation of Market Relations . This exemplified

9514-553: The Russian government . The defendants were charged with computer hacking , wire fraud , aggravated identity theft , and money laundering . In February 2019, Microsoft announced that it had detected spear-phishing attacks from APT28, aimed at employees of the German Marshall Fund , Aspen Institute Germany, and the German Council on Foreign Relations . Hackers from the group purportedly sent phishing e-mails to 104 email addresses across Europe in an attempt to gain access to employer credentials and infect sites with malware. In 2020,

9648-505: The Russian government to gain power. In 2011–2012, Fancy Bear's first-stage malware was the "Sofacy" or SOURFACE implant. During 2013, Fancy Bear added more tools and backdoors, including CHOPSTICK, CORESHELL, JHUHUGIT, and ADVSTORESHELL. From mid-2014 until the fall of 2017, Fancy Bear targeted numerous journalists in the United States, Ukraine, Russia, Moldova, the Baltics, and other countries who had written articles about Vladimir Putin and

9782-588: The Russian government." The U.S. Department of Justice stated that the conspiracy, among other goals, aimed "to publicize stolen information as part of an influence and disinformation campaign designed to undermine, retaliate against, and otherwise delegitimize" the efforts of the World Anti-Doping Agency , an international anti-doping organization that had published the McLaren Report , a report that exposed extensive doping of Russian athletes sponsored by

9916-479: The Russian television anchor Pavel Lobkov , all of which worked for TV Rain . Fancy Bear is thought to have been responsible for a six-month-long cyber-attack on the German parliament that began in December 2014. On 5 May 2020, German federal prosecutors issued an arrest warrant for Dimitri Badin in relation with the attacks. The attack completely paralyzed the Bundestag's IT infrastructure in May 2015. To resolve

10050-472: The Saint Petersburg branch of the pro-government Our Home – Russia political party, the liberal party of power founded by Prime Minister Viktor Chernomyrdin . In 1995, he managed the legislative election campaign for that party, and from 1995 through June 1997, he was the leader of its Saint Petersburg branch. In June 1996, Sobchak lost his bid for re-election in Saint Petersburg, and Putin, who had led his election campaign, resigned from his positions in

10184-635: The TV station's operations, such as the encoder systems. They used seven different points of entry, not all part of TV5Monde or even in France—one was a company based in the Netherlands that supplied the remote controlled cameras used in TV5's studios. Between February 16 and March 25 the attackers collected data on TV5 internal platforms, including its IT Internal Wiki , and verified that login credentials were still valid. During

10318-512: The US, for the first time since the downfall of the USSR. In December 2007, United Russia —the governing party that supports the policies of Putin—won 64.24% of the popular vote in their run for State Duma according to election preliminary results. United Russia's victory in the December 2007 elections was seen by many as an indication of strong popular support of the then Russian leadership and its policies. On 11 February 2008, while Putin addressed

10452-596: The West. However, a 2023 investigation by Der Spiegel reported that the anonymous source had never been an RAF member and is "considered a notorious fabulist" with "several previous convictions, including for making false statements". According to Putin's official biography, during the fall of the Berlin Wall that began on 9 November 1989, he saved the files of the Soviet Cultural Center (House of Friendship) and of

10586-614: The anatomy of APTs and uncovered widespread presence in Canadian government and critical infrastructure. Attribution was established to Chinese and Russian actors. Actors behind advanced persistent threats create a growing and changing risk to organizations' financial assets, intellectual property, and reputation by following a continuous process or kill chain : In 2013, Mandiant presented results of their research on alleged Chinese attacks using APT method between 2004 and 2013 that followed similar lifecycle: In incidents analysed by Mandiant,

10720-474: The attack, the hackers ran a series of commands extracted from TACACS logs to erase the firmware from switches and routers . Although the attack purported to be from IS, France's cyber-agency told Bigot to say only that the messages claimed to be from IS. He was later told that evidence had been found that the attackers were the APT 28 group of Russian hackers. No reason was found for the targeting of TV5Monde, and

10854-611: The attack. Norwegian Police Security Service concluded in December 2020 that "The analyses show that it is likely that the operation was carried out by the cyber actor referred to in open sources as APT28 and Fancy Bear," and that "sensitive content has been extracted from some of the affected email accounts.". Fancy Bear employs advanced methods consistent with the capabilities of state actors. They use spear phishing emails, malware drop websites disguised as news sources, and zero-day vulnerabilities. One cybersecurity research group noted their use of six different zero-day exploits in 2015,

10988-470: The attacks started in June 2014 and the malware used "bore specific signatures that have historically been unique to only one organization, Sofacy." Security journalist Brian Krebs questioned the accuracy of root9B's claims, postulating that the attacks had actually originated from Nigerian phishers. In June 2015 well respected security researcher Claudio Guarnieri published a report based on his own investigation of

11122-567: The average period over which the attackers controlled the victim's network was one year, with longest – almost five years. The infiltrations were allegedly performed by Shanghai-based Unit 61398 of People's Liberation Army . Chinese officials have denied any involvement in these attacks. Previous reports from Secdev had previously discovered and implicated Chinese actors. There are tens of millions of malware variations, which makes it extremely challenging to protect organizations from APT. While APT activities are stealthy and hard to detect,

11256-493: The benefits to Russia if Marine Le Pen were elected. The report says they then targeted the German Konrad Adenauer Foundation and Friedrich Ebert Foundation , groups that are associated with Angela Merkel's Christian Democratic Union and opposition Social Democratic Party , respectively. Fancy Bear set up fake email servers in late 2016 to send phishing emails with links to malware. On January 10, 2018,

11390-490: The breach. Another sophisticated hacking group attributed to the Russian Federation, nicknamed Cozy Bear , was also present in the DNC's servers at the same time. However the two groups each appeared to be unaware of the other, as each independently stole the same passwords and otherwise duplicated their efforts. Cozy Bear appears to be a different agency, one more interested in traditional long-term espionage. A CrowdStrike forensic team determined that while Cozy Bear had been on

11524-490: The city administration. He moved to Moscow and was appointed as deputy chief of the Presidential Property Management Department headed by Pavel Borodin . He occupied this position until March 1997. He was responsible for the foreign property of the state and organized the transfer of the former assets of the Soviet Union and the CPSU to the Russian Federation. On 26 March 1997, President Boris Yeltsin appointed Putin deputy chief of

11658-803: The co-author of the Russian constitution . Putin was influential in Sobchak's career in Saint Petersburg, and Sobchak was influential in Putin's career in Moscow. In 1997, Putin received a degree in economics ( kandidat ekonomicheskikh nauk ) at the Saint Petersburg Mining University for a thesis on energy dependencies and their instrumentalisation in foreign policy. His supervisor was Vladimir Litvinenko , who in 2000 and again in 2004 managed his presidential election campaigns in St Petersburg. Igor Danchenko and Clifford Gaddy consider Putin to be

11792-729: The coding system that Dmitri Alperovitch's company CrowdStrike uses for hacker groups. "Bear" indicates that the hackers are from Russia. "Fancy" refers to "Sofacy", a word in the malware that reminded the analyst who found it, of Iggy Azalea 's song " Fancy ". Fancy Bear's targets have included Eastern European governments and militaries, the country of Georgia and the Caucasus , Ukraine, security-related organizations such as NATO , as well as US defense contractors Academi (formerly known as Blackwater and Xe Services), Science Applications International Corporation (SAIC), Boeing, Lockheed Martin, and Raytheon. Fancy Bear has also attacked citizens of

11926-531: The commission for the preparation of agreements on the delimitation of the power of the regions and head of the federal center attached to the president, replacing Sergey Shakhray . After Putin's appointment, the commission completed no such agreements, although during Shakhray's term as the head of the Commission 46 such agreements had been signed. Later, after becoming president, Putin cancelled all 46 agreements. On 25 July 1998, Yeltsin appointed Putin director of

12060-490: The company itself, rather than for propaganda or espionage, as had been the case for most other cyber-attacks. The attack was carefully planned; the first known penetration of the network was on January 23, 2015. The attackers then carried out reconnaissance of TV5Monde to understand how it broadcast its signals, and constructed bespoke malicious software to corrupt and destroy the Internet-connected hardware that controlled

12194-408: The custom in Russia whereby a young rising official would write a scholarly work in mid-career. Putin's thesis was plagiarized . Fellows at the Brookings Institution found that 15 pages were copied from an American textbook. On 25 May 1998, Putin was appointed First Deputy Chief of the Presidential Staff for the regions, in succession to Viktoriya Mitina . On 15 July, he was appointed head of

12328-692: The data the hackers released had been forged. Due to evidence of widespread doping by Russian athletes , WADA recommended that Russian athletes be barred from participating in the 2016 Rio Olympics and Paralympics. Analysts said they believed the hack was in part an act of retaliation against whistleblowing Russian athlete Yuliya Stepanova , whose personal information was released in the breach. In August 2016, WADA revealed that their systems had been breached, explaining that hackers from Fancy Bear had used an International Olympic Committee (IOC)-created account to gain access to their Anti-doping Administration and Management System (ADAMS) database. The hackers then used

12462-433: The day on April 15, which in Russia was a holiday in honor of the military's electronic warfare services. The malware used in the attack sent stolen data to the same servers that were used for the group's 2015 attack on the German parliament . On June 14, CrowdStrike released a report publicizing the DNC hack and identifying Fancy Bear as the culprits. An online persona, Guccifer 2.0 , then appeared, claiming sole credit for

12596-555: The down-level Windows kernel." Microsoft pointed to Fancy Bear as the threat actor, referring to the group by their in-house code name STRONTIUM . In February 2017, the General Intelligence and Security Service (AIVD) of the Netherlands revealed that Fancy Bear and Cozy Bear had made several attempts to hack into Dutch ministries, including the Ministry of General Affairs , over the previous six months. Rob Bertholee , head of

12730-510: The early hours of the following morning and normal broadcasting services were disrupted late into April 9. Various computerised internal administrative and support systems including e-mail were also still shut down or otherwise inaccessible due to the attack. The hackers also hijacked TV5Monde's Facebook and Twitter pages to post the personal information of relatives of French soldiers participating in actions against ISIS, along with messages critical of President François Hollande , arguing that

12864-524: The election campaigns of Emmanuel Macron and Angela Merkel . According to the report, they targeted the Macron campaign with phishing and attempting to install malware on their site. French government cybersecurity agency ANSSI confirmed these attacks took place, but could not confirm APT28's responsibility. Marine Le Pen 's campaign does not appear to have been targeted by APT28, possibly indicating Russian preference for her campaign. Putin had previously touted

12998-624: The establishment of the Parliamentary elections and a Regional Government. Throughout the Second Chechen War , Russia severely disabled the Chechen rebel movement; however, sporadic attacks by rebels continued to occur throughout the northern Caucasus. On 14 March 2004, Putin was elected to the presidency for a second term, receiving 71% of the vote. The Beslan school hostage crisis took place on 1–3 September 2004; more than 330 people died, including 186 children. The near 10-year period prior to

13132-514: The export of metals valued at $ 93 million in exchange for foreign food aid that never arrived. Despite the investigators' recommendation that Putin be fired, Putin remained head of the Committee for External Relations until 1996. From 1994 to 1996, he held several other political and governmental positions in Saint Petersburg. In March 1994, Putin was appointed as first deputy chairman of the Government of Saint Petersburg . In May 1995, he organized

13266-449: The false URL electronicfrontierfoundation.org. In August 2016, the World Anti-Doping Agency reported the receipt of phishing emails sent to users of its database claiming to be official WADA communications requesting their login details. After reviewing the two domains provided by WADA, it was found that the websites' registration and hosting information were consistent with the Russian hacking group Fancy Bear. According to WADA, some of

13400-429: The four alliance members outside the original treaty, Estonia, Latvia, Lithuania, and Slovenia, join it." In early 2007, " Dissenters' Marches " were organized by the opposition group The Other Russia , led by former chess champion Garry Kasparov and national-Bolshevist leader Eduard Limonov . Following prior warnings, demonstrations in several Russian cities were met by police action, which included interfering with

13534-423: The general public, to last any longer than his predecessors. He was initially regarded as a Yeltsin loyalist; like other prime ministers of Boris Yeltsin , Putin did not choose ministers himself, his cabinet was determined by the presidential administration. Yeltsin's main opponents and would-be successors were already campaigning to replace the ailing president, and they fought hard to prevent Putin's emergence as

13668-463: The government more problems than her writings. In January 2007, Putin met with German Chancellor Angela Merkel at his Black Sea residence in Sochi , two weeks after Russia switched off oil supplies to Germany. Putin brought his black Labrador Konni in front of Merkel, who has a noted phobia of dogs and looked visibly uncomfortable in its presence, adding, "I'm sure it will behave itself", causing

13802-453: The groups behind these attacks. Advanced persistent threat (APT) as a term may be shifting focus to computer-based hacking due to the rising number of occurrences. PC World reported an 81 percent increase from 2010 to 2011 of particularly advanced targeted computer attacks. Actors in many countries have used cyberspace as a means to gather intelligence on individuals and groups of individuals of interest. The United States Cyber Command

13936-570: The imprisonment and suppression of political opponents , intimidation and censorship of independent media in Russia , and a lack of free and fair elections . Russia has consistently received very low scores on Transparency International 's Corruption Perceptions Index , The Economist Democracy Index , Freedom House 's Freedom in the World index, and the Reporters Without Borders Press Freedom Index . Putin

14070-670: The junk removal algorithm. Fancy Bear takes measures to prevent forensic analysis of its hacks, resetting the timestamps on files and periodically clearing the event logs. According to an indictment by the United States Special Counsel, X-Agent was "developed, customized, and monitored" by GRU Lieutenant Captain Nikolay Yuryevich Kozachek. Fancy Bear has been known to tailor implants for target environments, for instance reconfiguring them to use local email servers. In August 2015, Kaspersky Lab detected and blocked

14204-509: The malware sample from both incidents. root9B later published a technical report comparing Claudio's analysis of SOFACY attributed malware to their own sample, adding to the veracity of their original report. In August 2015, Fancy Bear used a zero-day exploit of Java , spoofing the Electronic Frontier Foundation and launched attacks on the White House and NATO . The hackers used a spear phishing attack, directing emails to

14338-585: The mean dwell-time for 2018 in the Americas as 71 days, EMEA as 177 days, and APAC as 204 days. Such a long dwell-time allows attackers a significant amount of time to go through the attack cycle, propagate, and achieve their objectives. Definitions of precisely what an APT is can vary, but can be summarized by their named requirements below: Warnings against targeted, socially-engineered emails dropping trojans to exfiltrate sensitive information were published by UK and US CERT organisations in 2005. This method

14472-399: The mountains of useless information produced by the KGB", Russian-American Masha Gessen wrote in their 2012 biography of Putin. His work was also downplayed by former Stasi spy chief Markus Wolf and Putin's former KGB colleague Vladimir Usoltsev. Journalist Catherine Belton wrote in 2020 that this downplaying was actually cover for Putin's involvement in KGB coordination and support for

14606-599: The newly formed Unity Party , which won the second largest percentage of the popular vote (23.3%) in the December 1999 Duma elections , and in turn supported Putin. On 31 December 1999, Yeltsin unexpectedly resigned and, according to the Constitution of Russia , Putin became Acting President of the Russian Federation . On assuming this role, Putin went on a previously scheduled visit to Russian troops in Chechnya. The first presidential decree that Putin signed on 31 December 1999

14740-406: The non-public email addresses of high level Democratic Party officials. Hillaryclinton.com addresses were attacked, but required two factor authentication for access. The attack redirected towards Gmail accounts on March 19. Podesta's Gmail account was breached the same day, with 50,000 emails stolen. The phishing attacks intensified in April, although the hackers seemed to become suddenly inactive for

14874-539: The period preceding Putin's rule. In 2005, the National Priority Projects were launched to improve Russia's health care , education , housing , and agriculture . The continued criminal prosecution of the wealthiest man in Russia at the time, president of Yukos oil and gas company Mikhail Khodorkovsky , for fraud and tax evasion was seen by the international press as a retaliation for Khodorkovsky's donations to both liberal and communist opponents of

15008-420: The public ahead of elections such as Germany's next federal election which was due in September 2017. Five wives of U.S. military personnel received death threats from a hacker group calling itself "CyberCaliphate", claiming to be an Islamic State affiliate, on February 10, 2015. This was later discovered to have been a false flag attack by Fancy Bear, when the victims' email addresses were found to have been in

15142-473: The rise of Putin after the dissolution of Soviet rule was a time of upheaval in Russia. In a 2005 Kremlin speech, Putin characterized the collapse of the Soviet Union as the "greatest geopolitical catastrophe of the twentieth century". Putin elaborated, "Moreover, the epidemic of disintegration infected Russia itself." The country's cradle-to-grave social safety net was gone and life expectancy declined in

15276-460: The siege had ended, the Russian president enjoyed record public approval ratings—83% of Russians declared themselves satisfied with Putin and his handling of the siege. In 2003, a referendum was held in Chechnya , adopting a new constitution which declares that the Republic of Chechnya is a part of Russia; on the other hand, the region did acquire autonomy. Chechnya has been gradually stabilized with

15410-614: The situation, the entire parliament had to be taken offline for days. IT experts estimate that a total of 16 gigabytes of data were downloaded from Parliament as part of the attack. The group is also suspected to be behind a spear phishing attack in August 2016 on members of the Bundestag and multiple political parties such as Linken -faction leader Sahra Wagenknecht , Junge Union and the CDU of Saarland . Authorities feared that sensitive information could be gathered by hackers to later manipulate

15544-464: The source is a "government sponsor based in Moscow". Evidence collected by FireEye suggested that Fancy Bear's malware was compiled primarily in a Russian-language build environment and occurred mainly during work hours paralleling Moscow's time zone . FireEye director of threat intelligence Laura Galante referred to the group's activities as "state espionage" and said that targets also include "media or influencers." The name "Fancy Bear" derives from

15678-474: The source of the order to attack, and funding for it, is not known. It has been speculated that it was probably an attempt to test forms of cyber-weaponry. The cost was estimated at €5m ($ 5.6m; £4.5m) in the first year, followed by a recurring annual cost of over €3m ($ 3.4m; £2.7m) for new protection. The company's way of working had to change, with authentication of email, checking of flash drives before insertion, and so on, at significant detriment to efficiency for

15812-476: The suspension. "These include [NATO] members cutting their arms allotments and further restricting temporary weapons deployments on each NATO member's territory. Russia also want[ed] constraints eliminated on how many forces it can deploy in its southern and northern flanks. Moreover, it is pressing NATO members to ratify a 1999 updated version of the accord, known as the Adapted CFE Treaty , and demanding that

15946-403: The target's computer. Fancy Bear also registers domains that resemble legitimate websites, then create a spoof of the site to steal credentials from their victims. Fancy Bear has been known to relay its command traffic through proxy networks of victims that it has previously compromised. Software that Fancy Bear has used includes ADVSTORESHELL, CHOPSTICK, JHUHUGIT, and XTunnel. Fancy Bear utilises

16080-557: The terrorist Red Army Faction , whose members frequently hid in East Germany with the support of the Stasi. Dresden was preferred as a "marginal" town with only a small presence of Western intelligence services. According to an anonymous source who claimed to be a former RAF member, at one of these meetings in Dresden the militants presented Putin with a list of weapons that were later delivered to

16214-521: The travel of the protesters and the arrests of as many as 150 people who attempted to break through police lines. On 12 September 2007, Putin dissolved the government upon the request of Prime Minister Mikhail Fradkov . Fradkov commented that it was to give the President a "free hand" in the run-up to the parliamentary election. Viktor Zubkov was appointed the new prime minister. On 19 September 2007, Putin's nuclear-capable bombers commenced exercises near

16348-502: The war . In April 2021, after a referendum , he signed into law constitutional amendments that included one allowing him to run for reelection twice more, potentially extending his presidency to 2036. In March 2024, he was reelected to another term. Under Putin's rule , the Russian political system has been transformed into an authoritarian dictatorship with a personality cult . His rule has been marked by endemic corruption and widespread human rights violations , including

16482-547: The website fancybear.net to leak what they said were the Olympic drug testing files of several athletes who had received therapeutic use exemptions, including gymnast Simone Biles , tennis players Venus and Serena Williams and basketball player Elena Delle Donne . The hackers honed in on athletes who had been granted exemptions by WADA for various reasons. Subsequent leaks included athletes from many other countries. Eliot Higgins and other journalists associated with Bellingcat ,

16616-427: Was appointed as an advisor on international affairs to the mayor of Leningrad Anatoly Sobchak . In a 2017 interview with Oliver Stone , Putin said that he resigned from the KGB in 1991, following the coup against Mikhail Gorbachev, as he did not agree with what had happened and did not want to be part of the intelligence in the new administration. According to Putin's statements in 2018 and 2021, he may have worked as

16750-462: Was born on 7 October 1952 in Leningrad, Soviet Union (now Saint Petersburg, Russia), the youngest of three children of Vladimir Spiridonovich Putin (1911–1999) and Maria Ivanovna Putina ( née  Shelomova ; 1911–1998). His grandfather, Spiridon Putin (1879–1965), was a personal cook to Vladimir Lenin and Joseph Stalin . Putin's birth was preceded by the deaths of two brothers: Albert, born in

16884-530: Was brought back by Marina Salye , but she was silenced and forced to leave Saint Petersburg. While his opponents had been preparing for an election in June 2000, Yeltsin's resignation resulted in the presidential elections being held on 26 March 2000; Putin won in the first round with 53% of the vote. The inauguration of President Putin occurred on 7 May 2000. He appointed the minister of finance , Mikhail Kasyanov , as prime minister. The first major challenge to Putin's popularity came in August 2000, when he

17018-445: Was criticized for the alleged mishandling of the Kursk submarine disaster . That criticism was largely because it took several days for Putin to return from vacation, and several more before he visited the scene. Between 2000 and 2004, Putin set about the reconstruction of the impoverished condition of the country, apparently winning a power-struggle with the Russian oligarchs , reaching

17152-410: Was elected to his first term as president. He was reelected in 2004 . Due to constitutional limitations of two consecutive presidential terms, Putin served as prime minister again from 2008 to 2012 under Dmitry Medvedev . He returned to the presidency in 2012, following an election marked by allegations of fraud and protests , and was reelected in 2018 . During Putin's initial presidential tenure,

17286-541: Was loaded with the X-Agent spyware and posted online on military forums. CrowdStrike initially claimed that more than 80% of Ukrainian D-30 Howitzers were destroyed in the war, the highest percentage loss of any artillery pieces in the army (a percentage that had never been previously reported and would mean the loss of nearly the entire arsenal of the biggest artillery piece of the Ukrainian Armed Forces ). According to

17420-661: Was named by Check Point rather than CrowdStrike. Dragos bases its names for APT groups on minerals. Mandiant assigns numbered acronyms in three categories, APT, FIN, and UNC, resulting in APT names like FIN7 . Other companies using a similar system include Proofpoint (TA) and IBM (ITG and Hive). Microsoft used to assign names from the periodic table , often stylized in all-caps (e.g. POTASSIUM ); in April 2023, Microsoft changed its naming schema to use weather-based names (e.g. Volt Typhoon). Vladimir Putin Vladimir Vladimirovich Putin (born 7 October 1952)

17554-667: Was responsible for an attack on its computers, targeting records of athletes' doping tests. The software company Microsoft reported in August 2018 that the group had attempted to steal data from political organizations such as the International Republican Institute and the Hudson Institute think tanks . The attacks were thwarted when Microsoft security staff won control of six net domains . In its announcement Microsoft advised that "we currently have no evidence these domains were used in any successful attacks before

17688-574: Was sent to Moscow for further training at the Yuri Andropov Red Banner Institute . From 1985 to 1990, he served in Dresden , East Germany , using a cover identity as a translator. While posted in Dresden, Putin worked as one of the KGB's liaison officers to the Stasi secret police and was reportedly promoted to lieutenant colonel . According to the official Kremlin presidential site,

17822-475: Was titled "On guarantees for the former president of the Russian Federation and the members of his family". This ensured that "corruption charges against the outgoing President and his relatives" would not be pursued. This was most notably targeted at the Mabetex bribery case in which Yeltsin's family members were involved. On 30 August 2000, a criminal investigation (number 18/238278-95) in which Putin himself, as

17956-472: Was used throughout the early 1990s and does not in itself constitute an APT. The term "advanced persistent threat" has been cited as originating from the United States Air Force in 2006 with Colonel Greg Rattray cited as the individual who coined the term. The Stuxnet computer worm , which targeted the computer hardware of Iran's nuclear program , is one example of an APT attack. In this case,

#863136