IBTimes UK looks back at the top 5 elite hacker groups that are believed to be responsible for conducting some of the most prominent cyberattacks of the year.
1. The Kremlin hackers – Fancy Bear and Cozy Bear
Throughout the US presidential elections, Russian state-sponsored hackers featured prominently in allegations that Putin's government was interfering with the elections. US authorities have now officially accused Russian hackers of the election cyberattacks. Here is a look at what the groups have been up to over the past year.
The Fancy Bear hacker group – which is also known as APT 28, Sednit, Sofacy and Pawn Storm, among others – made headlines this year after security researchers identified the group as being responsible for conducting the high-profile hack of the Democratic National Committee (DNC). The group is believed to be affiliated with Russia's Main Intelligence Agency (GRU).
According to CrowdStrike, the group has been active since early 2000 and is believed to have been actively engaged in cyberespionage activities. Other security researchers believe that the group has been actively conducting cyberattacks on targeted individuals and organisations. According to ESET, in one of their active campaigns, Fancy Bear hackers were found to have a set 9-5 working period, likely indicating that the group was a state-sponsored outfit.
Some of Fancy Bear's most notable cyberattacks, apart from the DNC hack, include the Wada hack, the series of zero-day cyberattacks and the recently uncovered targeted attacks against a Ukrainian artillery unit, which saw the threat actors deploy customised Android malware to collect information.
The Cozy Bear hacking group, which is also believed to be involved in the DNC hack, is considered to be a separate unit of Kremlin hackers, allegedly affiliated with the Russian Federal Security Service (FSB – the successor of the infamous KGB). The threat actors are also believed to have launched long-term cyberespionage campaigns, aimed at gathering sensitive intelligence.
In the months leading up to the US presidential elections, security researchers uncovered that the hacking group was targeting prominent Washington-based think tanks which focus on Russia.
The group is also believed to have launched a wave of cyberattacks, targeting non-government organisations and US government entities, hours after Donald Trump was declared victorious in the 2016 presidential elections.
3. Shadow Brokers NSA cyberweapons hack
In August, the mysterious hacker group dubbed Shadow Brokers claimed responsibility for stealing and leaking National Security Agency (NSA) cyberweapons. The group claimed to have hacked the NSA elite hacker group known as the Equation Group and to have stolen powerful hacking tools, which it put up for auction on the dark web (an encrypted internet network).
The attack made headlines, highlighting how even the most notorious government intelligence agencies in the world could potentially be targeted by cybercriminals.
Despite the notoriety of the hack and various security experts having confirmed that the stolen cyberweapons appeared to be legitimate, Shadow Brokers have not found any buyers.
The group eventually abandoned its auction and now appears to have moved to directly selling the stolen goods on an underground hacker site, ZeroNet. It remains to be seen whether the move actually garners any further interest from buyers.
4. Cyber thieves hacking banks
The year 2016 saw several high-profile bank hacks, which led to millions of pounds being stolen by hackers.
Although most of the investigations into the global bank hacks remain ongoing, with little to no new intel on the identity of the hacker groups responsible for the thefts, cyber thieves played a prominent role in ramping up cybercrime this year.
The Bangladesh Bank hack tops the list of the most notable attacks. However, it has been a busy year for cyber thieves. Hackers even hit ATMs across the globe, deploying customised malware to trick machines into spitting out large amounts of cash. ATMs in Thailand and Taiwan, among others, were affected.
Meanwhile, hackers also successfully conducted cyberheists against banks in Ukraine, Ecuador and more. In Britain, the recent Tesco Bank hack made headlines after it was uncovered that hackers successfully stole £2.5m ($3.09m) from 9,000 customers.
5. Islamic State hackers
The year 2016 saw many "kill lists" and cyberthreats brought forward by hackers working for Islamic State (Isis).
In April, pro-IS hackers made headlines by publicly releasing a hit list of thousands of New Yorkers. However, according to non-profit organisation Ghost Security Group (GSG), which monitors terrorism-related activity online, these hit lists are not real.
Instead, GSG analysts claimed that these lists were more often created by script kiddies – novice hackers – attempting to build a reputation by publicly displaying their skills.