Disinfo: No evidence to link the amateur “Fancy Bear” group to the Russian government


The accusations of the so-called “Fancy Bear” being linked to the Russian Foreign Intelligence Service or the Russian government is baseless and the Americans failed to provide any clue to support these allegations.

The “Fancy Bear” group might well be just a group of amateurs operating on Russian soils.


Recurrent pro-Kremlin disinformation narrative denying any involvement of the Russian government in hacker attacks and cyber-crime.

Russian intelligence services have long been accused of targeting computer systems in the US and elsewhere, with a dozen of substantiated allegations made in the last few years alone. An analysis of high-profile cyber incidents since 2006 designates Russia as an "offender" in 98 cyberattacks globally, against 16 incidents where the country appears as a "victim."

Microsoft has been detecting companies being targeted by cyberattacks from Russian-linked hacking group called "Strontium" AKA “APT 28”, AKA “Sednit”, AKA “Sofacy”, AKA “Fancy Bear”, AKA “Pawn Storm”, AKA “Tsar Team”. A majority of this group's attacks were detected and stopped by security tools built into Microsoft products.

“Fancy Bear” is best known for interference in the 2016 U.S. presidential election, when FBI's Robert Mueller identified Fancy Bear as two units within Russia’s military intelligence directorate, the GRU, and indicted 12 GRU officers for the hacking, and was recently accused of targeting both the Joe Biden and Donald Trump campaign ahead of this year's U.S. election.

Norway's Police Security Service (PST) also said that Fancy Bear was specifically linked to the GRU's 85th Main Special Services Centre, whose officers were implicated in a 2015 cyberattack against the German Bundestag.

The cybersecurity company Crowdstrike say that FANCY BEAR’s profile closely mirrors the strategic interests of the Russian government.

According to the Mueller report, “Fancy Bear” has two primary long-term backdoors. One, called EvilToss, was built for flexibility, with a mechanism for loading malware plug-ins on the fly. The other is known, both to the Russians and their trackers, as X-Agent.

Investigators also identified malicious code that was built on Russian servers, and also determined the attackers “were operating from 8:00 am to 8:00 pm Moscow time, which gave us an indication we’re dealing with government workers rather than cybercriminals burning the midnight oil for-profit,” said Dmitri Alperovitch, Crowdstrike chief technology officer.

Check out our study case regarding GRU-linked cyberattacks.

Read similar cases claiming that accusations about Russian-sponsored hacker attacks aim to discredit Russia’s anti-COVID vaccine, or that accusations against Russia’s OPCW cyberattacks OPCW are groundless, or that Russian secret services have never been involved in cyber-attacks, or that Moscow has not intervened in the European Union or other countries.


  • Reported in: Issue 225
  • DATE OF PUBLICATION: 15/12/2020
  • Outlet language(s) Arabic
  • Countries and/or Regions discussed in the disinformation: US, Russia
  • Keywords: Fancy Bear, Cyber, Internet, Anti-Russian, Russophobia
see more

Lithuanian judges broke the law in the case of January 13th

The Investigative Committee of Russia (ICR) charged, in absentia, the Lithuanian judges which passed an illegal judgement in the case of events of January 13, 1991, in Vilnius. The ICR said that the Lithuanian judges know that events in Vilnius happened at the moment when Lithuania was part of the USSR. During the events of January 1991, Soviet troops acted according to Soviet law to ensure public order.


On January 13., 1991, during an armed confrontation near the TV tower in Vilnius, 14 people died and more than 600 were injured. The Prosecutor General’s Office of Lithuania claims without any evidence that victims were killed by Soviet soldiers.


The case contains historical revisionism and recurring pro-Kremlin disinformation narrative about the events of January 13th, 1991.

The statement by the Investigative Committee of Russia against the Lithuanian judges is an attempt to exert pressure on Lithuania, its courts, and law enforcement officials.

Ukraine's anti-corruption bureau is an element of external control over Ukraine's politicians

NABU [National Anti-Corruption Bureau of Ukraine] began to perform the functions for which this “anti-corruption system” was created. It is a club against any Ukrainian politician, official, or businessman who dares to be arbitrary (i.e. go beyond the limits set by the system of external control).


This is an example of a recurring pro-Kremlin disinformation narrative alleging that Ukraine is under external control.

NABU is a state law enforcement agency that independently investigates the corruption of public officials and prepares cases for prosecution. The bureau was created in 2014 after the National Anti-Corruption Committee did not fulfil its obligations. NABU is accountable to the Parliament of Ukraine through the law on the National Anti-Corruption Bureau of Ukraine and the law on prevention of corruption.

The Western elite and their Ukrainian puppets set up MH17 crash

More and more experts agree that the Western elite and their Ukrainian puppets orchestrated the crash of the Malaysian Boeing MH17. Each such statement is accompanied by a number of facts. The current situation casts a shadow on the competence of the Hague Court and casts doubt on Russia’s guilt. The US and Ukrainian authorities were involved in this tragedy.


This is a recurring pro-Kremlin disinformation narrative about the downing of Flight MH17. No serious expert view the “Western Elites” as responsible for the crash.

The Dutch-led criminal investigation by the Joint Investigation Team (JIT) has been ongoing since 2014. On 28 September 2016, the JIT announced that Flight MH17 was shot down by a missile from the 9M38 series, which was launched by a BUK TELAR missile system. The system was transported from the Russian Federation to an agricultural field near the town of Pervomaiskyi in Eastern Ukraine, from where the missile was launched. After firing, the system - with one missing missile - went back to the Russian Federation. On the 24th of May 2018, the JIT announced its conclusion that the BUK TELAR used to shoot down MH17 came from the 53rd Anti-Aircraft Missile Brigade, a unit of the Russian armed forces from Kursk in the Russian Federation.