Threat actors are impersonating the notorious state-backed Russian hacking group Fancy Bear (aka Sofacy, APT28 and Sednit) as part of a distributed denial-of-service (DDoS) extortion campaign targeting organizations in the financial sector.
According to Daniel Smith of Radware, the threat actors launch “large scale, multi-vector demo DDoS attacks” against a target and then send a ransom note demanding a payment of 2 bitcoin (around $15,000) in exchange for ending the DDoS campaign. In the letter, the attackers falsely claim to be Fancy Bear, the elite Russian cyber espionage group that hacked the White House in 2014 and the DNC in 2016.
Read more: A DDoS gang is extorting businesses posing as Russian government hackers