
What is Fancy Bear?
Fancy Bear is a hacking group thought by many to be of Russian origin. Fancy Bear also goes by the names APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM. Fancy Bear is frequently reported as being linked to the Russian government although there is no solid evidence of that claim.
Tech giant, Microsoft, runs its own Digital Crimes Unit (DCU.) The DCU operates the Defending Democracy Program which was announced in April 2018. Microsoft’s DCU obtained a court order that allowed them to take control of six website domains. This is the twelfth time in the past two years that Microsoft has used a court order to take over internet domains. DCU has also closed another 84 fake websites that are associated with Fancy Bear.
Some believe that Fancy Bear hacked the 2016 Democratic National Committee and that the Russian government was calling the shots.
Hackers use spoof websites that look similar or identical to authentic websites to fool website visitors. The goal is to misinform, collect data or launch cyber attacks such as social engineering attacks from the fake websites. Emails collected from a malicious website can be used in phishing scams and spear phishing attacks. The spoof websites can be very convincing.
The malicious domain names include “senate.group,” and “adfs-senate.email.” One other domain name looked like the official thinktank Hudson Institute website, a conservative think tank and another spoofed the International Republican Institute. The board of which includes six serving senators, former Massachusetts Governor Mitt Romney and General H.R. McMaster.

There is no evidence that the seized domains were used in any cyber attacks.
The announcement of the seized hacker domains was coupled with the introduction of Microsoft’s new product called Microsoft AccountGuard. Coincidently, AccountGuard, is an application provided free of charge all political candidates and campaign offices at the federal, state and local level. It also goes to political think tanks and political organizations “we now believe are under attack.” All users must be using Office 365.
According the Microsoft, AccountGuard provides
- Threat notification across accounts
- Security guidance and ongoing education
- Early adopter opportunities such as product updates