Pulse name: FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops
WHITE Fancy_bear PetrP.73 2026-03-20 Modified: 2026-04-19
39 IOCs
MEDIUM VOLUME
The reported findings on FancyBear, a Russian Advanced Persistent Threat (APT), detail a significant operational security lapse in a campaign known as Operation Roundish. The analysis stems from an open directory exposed in January 2026, which revealed extensive data, including over 2,800 emails and 240 sets of stolen credentials. FancyBear's exfiltration methods included creating forwarding rules in victims’ email accounts, which silently captured emails and redirected them to attacker-controlled mailboxes.
Indicators of Compromise (1 / 39 total)
TYPE    INDICATOR         DESCRIPTION    CREATED
CVE     CVE-2023-43770    -              2026-03-20