PULSE NAME
FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops
WHITE Fancy_bear PetrP.73 2026-03-20 Modified: 2026-04-19
39 IOCs
MEDIUM VOLUME
The reported findings on FancyBear, a Russian Advanced Persistent Threat (APT), detail a significant operational security lapse in a campaign known as Operation Roundish. The analysis stems from an open directory exposed in January 2026, which revealed extensive data including over 2,800 emails and 240 sets of stolen credentials. FancyBear's exfiltration methods included creating forwarding rules in victims' email accounts, which silently captured emails and redirected them to attacker-controlled mailboxes.
Indicators of Compromise (8 / 39 total)