22 December 2020

Russian Hackers Target Austin

Someday companies and government agencies will take security seriously. But today is not that day.

Russian Hackers Have Been Inside Austin Network for Months

Russia appears to have used Austin’s network as infrastructure to stage additional cyberattacks.

The Russians (reputedly) have been in the Austin network since at least mid-October. Though the article seems to indicate that some activity has been going on since January, we will stick with the October intrusion date.

It is now clear that a group of highly sophisticated hackers, likely Berserk Bear [a division of Russia’s Federal Security Service], also hit Austin. An IP address belonging to the city appears on a list of indicators of compromise, or technical evidence that organizations can use to determine if they’ve been hacked by this threat actor, compiled by MSTIC [Microsoft Threat Intelligence Center].

For those of you not up on your post-Cold-War Russian bureaucracies, the Russian Federal Security Service or FSB is one of the descendants of the KGB. The KGB, or Committee for State Security, was the secret police of the Soviet Union.

And while we're talking in acronyms, CISA is Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security. (Makes me feel very securer. Almost.)

CISA and the FBI singled out Berserk Bear in an October 22 advisory warning that the hacking group had targeted airports, energy companies, and state, local, and tribal governments around the country, and had “exfiltrated data from at least two victim servers.” The New York Times later reported that FSB hackers had “bored into local networks” in California and Indiana, without specifying which networks had been breached.

Malware submissions to VirusTotal in November and December include software communicating with IP addresses owned by the City of Austin. This probably means they are STILL compromised. (A VirusTotal submission date only shows when someone uploaded the sample, not when it last talked to those addresses, but fresh samples pointing at your address space in December is not a good sign.)

The most recent malware sample found on VirusTotal that was observed communicating with Austin’s IP address was submitted to the site for analysis on December 15.
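Two checks follow from the two facts above: whether any address you own appears on an indicator-of-compromise list, and whether your own hosts have been talking to the indicators on that list. The script below is an added example, not code from the article or from the city; the IOC feed, the netblocks and the log lines are all constructed (RFC 5737 documentation addresses, not the real MSTIC or CISA indicators), and the log format is a hypothetical firewall export.

```python
import ipaddress
import re

# Constructed IOC feed in the CSV-ish shape a threat-intel export often takes.
# These are RFC 5737 documentation addresses, NOT the real indicators.
IOC_FEED = """
# indicator,type,first_seen,source
198.51.100.23,ip,2020-10-14,constructed-example
203.0.113.9,ip,2020-11-02,constructed-example
192.0.2.77,ip,2020-12-15,constructed-example
"""

# Constructed: netblocks the organisation owns (hypothetical, not Austin's real ranges).
OWN_NETBLOCKS = ["198.51.100.0/24", "192.0.2.64/26"]

# Constructed firewall log lines in a hypothetical key=value format.
SAMPLE_LOG = """
2020-12-15T03:12:44Z src=10.0.5.12 dst=203.0.113.9 dport=443 action=allow
2020-12-15T03:13:01Z src=10.0.5.12 dst=8.8.8.8 dport=53 action=allow
2020-12-16T11:40:09Z src=10.0.7.200 dst=192.0.2.77 dport=8080 action=allow
"""


def parse_ioc_feed(text):
    """Return the set of IP indicators from the feed, skipping comments, blanks and non-IP rows."""
    iocs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) >= 2 and fields[1] == "ip":
            try:
                iocs.add(ipaddress.ip_address(fields[0]))
            except ValueError:
                continue  # malformed indicator, ignore rather than crash the sweep
    return iocs


def own_addresses_on_list(iocs, netblocks):
    """Indicators that fall inside our own netblocks, i.e. evidence that WE are on the list."""
    nets = [ipaddress.ip_network(n) for n in netblocks]
    return sorted(ip for ip in iocs if any(ip in net for net in nets))


LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def log_hits(iocs, log_text):
    """Log lines whose destination is an indicator, as (timestamp, src, dst) tuples."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        dst = ipaddress.ip_address(m.group("dst"))
        if dst in iocs:
            hits.append((m.group("ts"), m.group("src"), str(dst)))
    return hits


if __name__ == "__main__":
    iocs = parse_ioc_feed(IOC_FEED)
    mine = own_addresses_on_list(iocs, OWN_NETBLOCKS)
    print("our addresses on the IOC list:", [str(ip) for ip in mine])
    for ts, src, dst in log_hits(iocs, SAMPLE_LOG):
        print(f"{ts} internal host {src} talked to indicator {dst}")
```

The first check matters because an indicator inside your own address space means an attacker is using your hosts as staging infrastructure, which is exactly what the article describes; the second is the ordinary retro-hunt over whatever connection logs you kept. Run it against a real feed by swapping in the feed text and your actual CIDRs.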

The potential downside of having hackers with Berserk Bear's capabilities sitting in municipal networks for months is awful.
