Guccifer 2.0 – Lone Wolf or a Fancy Bear?

Pierluigi Paganini June 17, 2016

A hacker using the pseudonym Guccifer 2.0 claimed responsibility for the cyber-attack on the Democratic National Committee (DNC).

Yesterday, we blogged about the cyber-attack on the Democratic National Committee (DNC) that led a dossier of the presumptive Republican presidential nominee, Donald Trump. According to the US-based cyber security company CrowdStrike, two sophisticated Russian espionage groups, COZY BEAR and FANCY BEAR, were behind the attacks; the company based that conclusion on specific techniques, tactics, and protocols (TTPs) uncovered during its investigation of the breach. A lot can change in twenty-four hours!

Shortly after that blog was filed, a hacker going by the persona Guccifer 2.0 claimed responsibility for the DNC breach. Guccifer 2.0 is a play on a Romanian hacker calling himself Guccifer. Guccifer is believed to be the man behind hacking into Hillary Clinton’s personal email server, compromising thousands of sensitive US State Department documents.

Guccifer 2.0’s blog questions CrowdStrike’s conclusion that those behind the DNC attacks were sophisticated, stating, “I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy.” That’s not all. To prove his point, Guccifer 2.0 released several sensitive DNC documents including donor lists, strategy lists, and even a document titled “NATIONAL SECURITY TRANSITION PLANNING” detailing a timeline of activities for transitioning Secretary Hillary Clinton into the role of President after the November election.

This twist of events has called into question once again the value of attribution and its accuracy. As a threat intelligence analyst myself, pinpointing attribution to a particular individual, group, or even nation is very difficult and not without its critics. Security researcher Bruce Schneier accurately captured the attribution problem in his blog, writing:

And while it now seems that North Korea did indeed attack Sony, the attack it most resembles was conducted by members of the hacker group Anonymous against a company called HBGary Federal in 2011. In the same year, other members of Anonymous threatened NATO, and in 2014, still others announced that they were going to attack ISIS. Regardless of what you think of the group’s capabilities, it’s a new world when a bunch of hackers can threaten an international military alliance.

And it’s an important point. From a geostrategic perspective, proper attribution of these types of attacks is critical, especially if the US election system appears to be a victim.

Whether or not the DNC breach will damage the campaigns of the presidential hopefuls is yet to be seen, but that isn’t necessarily the most important thing to consider. At stake is the election, arguably, of the most powerful person in the world. In a country that values its democracy so highly, any view that the election process has been compromised may have a serious impact on the public’s perception of the President-elect’s legitimacy. Not only is attribution hard, it’s also vital for decision makers.

Just because attribution is hard doesn’t mean we shouldn’t do it – even if we, as researchers, get it wrong at times. I personally have seen the value of attribution not just at the nation-state level but on a much smaller scale, where the motivations of the hacker were less about global ambitions and more about financial gain. Cyber intelligence people in the private sector struggling with resources are far more empowered when making their arguments about funding their efforts when they turn the conversation from “How?” to “Who?” Amazing how quickly you grab a penny-pinching COO’s attention when you have pictures of hackers who just ran amok through your ERP system!

So has Guccifer 2.0 really called into question CrowdStrike’s conclusions? 

Absolutely not! They’re an excellent threat intelligence shop and I’m confident they’ve done their homework. International espionage is a tricky game and a good defense is a good diversion. So is Guccifer 2.0 actually a Russian espionage threat actor? We don’t know, and may never know, but clearly Guccifer 2.0, whoever he is, has access to leaked DNC documents, but further proof is needed before I’m a disciple. It would have been a lot more believable if Guccifer 2.0 had walked through the attack in a YouTube video. Even then, you’d still have people disbelieving his claims.

In the end, we’re all left to draw our own conclusions, but keep in mind that disinformation is a powerful asset. Don’t always believe what you see.

Written by: Rick Gamache

Rick Gamache is a freelance writer with 25 years’ experience in the cyber security field. His past roles include Managing Director of Wapack Labs, CIO of the Red Sky Alliance, and lead FISMA auditor for the US Navy’s destroyer program. Rick has written several high-level cyber and general risk reports with an emphasis on the Nordic countries, India, Russia, and Ukraine and has traveled extensively, speaking on strategic cyber threat intelligence matters as they relate to global supply chains.

LinkedIn – https://www.linkedin.com/in/rick-gamache-cissp-021ab43

Twitter – https://twitter.com/thecissp

Pierluigi Paganini

(Security Affairs – Russian Hackers, Guccifer 2.0)
