Friday, December 18, 2020

Russian Hackers Are EVERYWHERE!!!

theintercept |  State-sponsored hackers believed to be from Russia have breached the city network of Austin, Texas, The Intercept has learned. The breach, which appears to date from at least mid-October, adds to the stunning array of intrusions attributed to Russia over the past few months.

The list of reported victims includes the departments of Commerce, Homeland Security, State, and the Treasury; the Pentagon; cybersecurity firm FireEye; IT software company SolarWinds; and assorted airports and local government networks across the United States, among others. The breach in Austin is another apparent victory for Russia’s hackers. By compromising the network of America’s 11th-most populous city, they could theoretically access sensitive information on policing, city governance, and elections, and, with additional effort, burrow inside water, energy, and airport networks. The hacking outfit believed to be behind the Austin breach, Berserk Bear, also appears to have used Austin’s network as infrastructure to stage additional attacks.

While the attacks on SolarWinds, FireEye, and U.S. government agencies have been linked to a second Russian group — APT29, also known as Cozy Bear — the Austin breach represents another battlefront in a high-stakes cyber standoff between the United States and Russia. Both Berserk Bear and Cozy Bear are known for quietly lurking in networks, often for months, while they spy on their targets. Berserk Bear — which is also known as Energetic Bear, Dragonfly, TEMP.Isotope, Crouching Yeti, and BROMINE, among other names — is believed to be responsible for a series of breaches of critical U.S. infrastructure over the past year.

The Austin breach, which has not been previously reported, was revealed in documents prepared by the Microsoft Threat Intelligence Center, or MSTIC, and obtained by The Intercept, as well as in publicly available malware activity compiled by the site VirusTotal. “While we are aware of this hacking group, we cannot provide information about ongoing law enforcement investigations into criminal activity,” a spokesperson for the city of Austin wrote in response to a list of emailed questions.

On Sunday, Reuters reported that a state-sponsored hacking group had breached the Treasury and Commerce departments, sparking an emergency weekend meeting of the National Security Council. The Washington Post later attributed the attacks to Cozy Bear, citing anonymous sources, and reported that the group breached the agencies by infecting a software update to Orion, a popular network management product made by SolarWinds, a firm based in Austin. “Fewer than 18,000” users downloaded the malicious software update, which had been available since March, SolarWinds said in a federal securities filing on Monday. The Intercept has seen no evidence that the Austin breach and the SolarWinds hack are related.