Cozy Bear and Fancy Bear: did Russians hack Democratic party and if so, why? - 2016-07-29
According to security researchers, the culprit was a Russian hacking team long believed by cybersecurity analysts in and outside the US government to be working for the country's largest intelligence agency, GRU. Fascinated researchers have given it a variety of names: APT 28, Strontium, the Sofacy Group, and Fancy Bear.
Last week, WikiLeaks distributed 20,000 emails from the Democratic National Committee (DNC) obtained after Fancy Bear and another hacking team believed to be tied to a competing Russian intelligence service, known as Cozy Bear, breached the DNC's internal network. Cozy Bear is believed to have entered the network a year before and waited quietly, gathering information and cataloging emails. Fancy Bear came later. WikiLeaks' consistent position is not to discuss its source and to push back against suggestions that it gained the data from either Bear.
The Bears have three important things in common: expensive digital tools, suggesting state sponsorship; an interest in pursuing sensitive, embarrassing or strategically significant information, rather than financially beneficial data; and a choice of targets that align with Russian political objectives. Both Bears infiltrated the DNC: Cozy beginning in summer 2015, Fancy in April this year.