The DHS Cybersecurity and Infrastructure Security Agency (CISA) and the FBI today warned that a Russian state-sponsored APT threat group known as Energetic Bear has hacked into US government networks and stolen data from them during the last two months.
Energetic Bear (also tracked as Berserk Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala), a hacking group active since at least 2010, has targeted the networks of both US state, local, territorial, and tribal (SLTT) government organizations and aviation entities.
"The Russian state-sponsored APT actor has targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers," the two agencies said today.
"The Russian-sponsored APT actor is obtaining user and administrator credentials to establish initial access, enable lateral movement once inside the network, and locate high value assets in order to exfiltrate data."
The hackers used several methods in their attacks, including brute-force attempts and Structured Query Language (SQL) injection attacks, and they also scanned for and tried to exploit vulnerable Citrix, Fortinet, and Microsoft Exchange servers.
They also used compromised Microsoft Office 365 (O365) accounts and attempted to exploit the ZeroLogon Windows Netlogon vulnerability (CVE-2020-1472) for privilege escalation on Windows Active Directory (AD) servers.
Read the full article at https://www.bleepingcomputer.com/news/security/russian-state-hackers-stole-data-from-us-government-networks/
#us #government #hack #russia #mindyourdata #yokdata #blog