It must be a torrid time for the NZ authorities. One interesting side topic is the potential reputation theft as one lot of cyber criminals pretends to be another. If that is actually the case, expect to see the ‘real APT28’ going after the fake…:
[…] In November, government cyber security agency CERT NZ said it had received reports of extortion emails targeting companies within the financial sector in New Zealand. It said the emails claimed to be from a Russian group called “Fancy Bear/Cozy Bear” and demanded a ransom to avoid denial-of-service attacks. CERT declined to comment on the NZX incidents.
Fancy Bear is another name for the Russian hacking group APT28, which has been linked to attacks against the U.S. Democratic Party, the White House and NATO. Security experts have also linked it to attacks on European government institutions and private companies and say its primary mission is to gather intelligence in support of the Russian government.
The group sending ransom emails is highly unlikely to be the real Fancy Bear, but is using its name to gain notoriety, according to Yihao Lim, a cyber threat intelligence analyst at Mandiant Threat Intelligence in Singapore.
“It’s plausible that they are cyber gangs calling themselves Fancy Bear involved in this incident,” he said.