FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops
ID: cba54b8e-4485-5d9f-be39-c83c918f8260
STIX ID: report--cba54b8e-4485-5d9f-be39-c83c918f8260
Feed Name: Ctrl-Alt-Int3l
Ctrl-Alt-Intel analysed an exposed open directory tied to FancyBear (APT28/STRONTIUM) and recovered a near-complete espionage toolkit along with telemetry. The telemetry shows XSS-based compromises of Roundcube and SquirrelMail, exfiltration of 11,000+ emails, 11,500+ harvested contacts, 240+ credential/TOTP captures, and 140+ Sieve forwarding rules that persisted access across government and military targets in Ukraine, Romania, Greece, Serbia and Bulgaria. Core C2 infrastructure was hosted at zhblz.com / 203.161.50.145 and operated for 500+ days.
