Top 5 Russian hacker groups
Over the past year, Kremlin-linked hacker groups have dominated cyberspace with widespread, global attacks iStock

Russian hackers have been in the spotlight since the 2016 US presidential election. Over the past year, reports about Kremlin-linked hacker groups dominating cyberspace with widespread, global attacks have emerged, indicating that Russian hackers' reach may extend to targets across the world.

Over the past year, numerous international government, private and political organisations have been targeted by what experts say are Kremlin-linked cyberespionage groups, in efforts to influence socio-political aspects of different countries. Although there may be general awareness about Russian hackers, it is important that people also arm themselves with knowledge about the major hacker groups that have been actively conducting targeted cyberattacks.

IBTimes UK has compiled a list of the 5 major Russian hacker groups that have wreaked havoc in cyberspace over the past few years.

Fancy Bear

The Fancy Bear hacker group is widely considered to be one of the most proliferate Kremlin-linked hacking units. Security experts have said that the group, which is also known as Sofacy, Pawn Storm and APT 28, among others, has ties to the Kremlin's primary intelligence agency GRU.

Fancy Bear has been accused of launching attacks against the DNC (Democratic National Committee) as well as American think tanks. The hacker group has also targeted government organisations in Germany, Denmark, France and elsewhere, in efforts to influence socio-political aspects during key political times, such as in the months leading up to major elections.

Cozy Bear

Cozy Bear hackers have also been linked to the Russian government and are believed to be involved in highly advanced and covert cyberattack campaigns. The hacker groups has been linked to the Russian Federal Security Service (FSB – the successor of the infamous KGB) and are believed to have been involved in several long-term cyberespionage campaigns, targeting thinks tanks and various private organisations across the globe. In comparison to the Fancy Bear hackers, this group maintains a relatively low profile.


Turla is one of the lesser known, yet highly effective Russian hacker groups that is believed to have been active for over a decade. The group has also been linked to a cyberattack against the US Department of Defence (DoD) in 2008 and counts among its victims various international government agencies, embassies as well medical research and pharmaceutical firms.

The group recently made a comeback after security researchers found it to be hiding and controlling its customised malware via the Britney Spear's Instagram account. The group has also targeted satellite internet providers in the Middle East.


CyberBerkut is a lethal Russian hacktivist group. Experts consider this hacker group to be yet another "front for Moscow" as the hacker unit is known to go after Russia's critics, dissidents and activists. The group is believed to have ties to Kremlin's intelligence services. In 2015, the group claimed responsibility for the cyberattack against Germany's government websites, including that of chancellor Angela Merkel.

Yahoo hackers

The details of the massive Yahoo hacks, which emerged last year left the world in shock as the tech giant confirmed that hackers had accessed millions of user accounts. Although the attacks targeting Yahoo were not coordinated by a specific hacker group, the attackers were later linked to Russia.

Experts said that the Russian intelligence agency FSB had recruited the two hackers Karim Baratov, a Kazakh who was living in Canada, and Alexsey Belan, a Russian cybercriminal currently on the FBI's most wanted list, to hack into Yahoo and access user accounts. The attack is alleged to have eventually provided the Kremlin with a rich target base, which included journalists, government officials and various firms.

Along with the two hackers, US authorities charged two alleged Russian spies for orchestrating the Yahoo hack, highlighting the deep ties the Kremlin likely has with underground cybercriminal entities.