Researchers recently revealed that a hacker has been posing as a Russian hacker group Fancy Bear. The hacker launched a DDoS attack on financial institutions in the name of Fancy Bear and wanted to take the opportunity to extort money.
About a week ago, the hacker began attacking financial companies in countries such as Singapore and South Africa. Instead of directly attacking the target organization’s website, the hacker targeted the back-end servers of those organizations. It is speculated that hackers are likely to value the fact that such servers are not normally protected by DDoS mitigation systems, and attacks against these servers are likely to cause system downtime.
It is understood that the organization may have a botnet dedicated to launching DDoS attacks. According to the report, the hacker will ask the victim to pay two bitcoins to avoid the impact of the system. Security companies Link11, Radware and Group-IB have confirmed this series of attacks. Some people regard Fancy Bear as the most famous hacker organization in Russia. During the 2016 US presidential election, the organization invaded the website of the Democratic National Committee and spread false news on social media platforms. In addition, the organization has tried to interfere with the presidential elections in many EU countries.
Experts say it is not uncommon to pretend to be a cybercrime by a well-known hacker organization. Most of the move is to evade investigations by law enforcement agencies. After analysis, the researchers determined that the hacker, in this case, was not a member of Fancy Bear.