The Russian outfit primarily relies on a two-stage malware infection. A trojan nicknamed Sofacy (aka Seduploader) handles initial recon and downloads further malware, while a backdoor known as SofacyX (X-Agent) steals information from the computer. For more persistent attacks, there's a Lojax rootkit that targets the UEFI platform underlying many modern computers. As it sits in the flash memory aboard a computer's firmware, Lojax can survive even if you replace the hard drive or reinstall the operating system.

The cyberattack campaign may be larger than this. Another group, Earworm, has been using spear-phishing email campaigns against military targets in Asia and Europe with some overlap between its control system and that of Fancy Bear. Its operations are separate, though, suggesting it may be another Russian operation rather than an extension of Fancy Bear.

An ongoing global spying campaign wouldn't be surprising. It's not just that Russia has a vested interest in keeping tabs on its political rivals -- it's that it takes relatively few resources to conduct these campaigns in the first place. What little it spends recruiting dedicated hackers could pay huge dividends by gathering more intelligence and undermining institutions.