The Russian Hackers Playing ‘Chekhov’s Gun’ With US Infrastructure

Over the last half a decade, Russian state-sponsored hackers have triggered blackouts in Ukraine, released history’s most destructive computer worm, and stolen and leaked emails from Democratic targets in an effort to help elect Donald Trump. In that same stretch, one particular group of Kremlin-controlled hackers has gained a reputation for a very different habit: walking right up to the edge of cybersabotage—sometimes with hands-on-the-switches access to US critical infrastructure—and stopping just short.

Last week the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published an advisory warning that a group known as Berserk Bear—or alternately Energetic Bear, TEMP.Isotope, and Dragonfly—had carried out a broad hacking campaign against US state, local, territorial, and tribal government agencies, as well as aviation sector targets. The hackers breached the networks of at least two of those victims. The news of those intrusions, which was reported earlier last week by the news outlet Cyberscoop, presents the troubling but unconfirmed possibility that Russia may be laying the groundwork to disrupt the 2020 election with its access to election-adjacent local government IT systems.

In the context of Berserk Bear’s long history of US intrusions, though, it’s much harder to gauge the actual threat it poses. Since as early as 2012, cybersecurity researchers have been shocked to repeatedly find the group’s fingerprints deep inside infrastructure around the globe, from electric distribution utilities to nuclear power plants. Yet those researchers also say they’ve never seen Berserk Bear use that access to cause disruption. The group is a bit like Chekhov’s gun, hanging on the wall without being fired through all of Act I—and foreshadowing an ominous endgame at a critical moment for US democracy.

“What makes them unique is the fact that they have been so focused on infrastructure throughout their existence, whether it’s mining, oil, and natural gas in different countries or the grid,” says Vikram Thakur, a researcher at security firm Symantec who has tracked the group over several distinct hacking campaigns since 2013. And yet Thakur notes that in all that time, he’s only seen the hackers carry out what appear to be reconnaissance operations. They gain access and steal data, but despite ample opportunity never actually exploit sensitive systems to attempt to cause a blackout, plant data-destructive malware, or deploy any other sort of cyberattack payload.

Instead, the intruders seem content simply demonstrating that they can gain that troubling level of reach into infrastructure targets again and again. “I see them having operated for seven years and till today, I’ve come across no evidence of them having done something,” Thakur says. “And that makes me lean toward the theory that they’re sending a message: I am in your critical infrastructure space, and I can come back if I want to.”

A Long Hibernation

In the summer of 2012, Adam Meyers, the vice president of intelligence at security firm CrowdStrike, remembers first coming across the group’s sophisticated backdoor malware, known as Havex, in an energy sector target in the Caucasus region. (CrowdStrike initially called the hackers Energetic Bear due to the energy sector targeting, but later changed the name to Berserk Bear when the group switched up its tools and infrastructure.) “It was the coolest thing I’d ever seen at the time,” Meyers says. CrowdStrike would soon find Havex in other energy-related networks around the world—years before other Russian hackers would carry out the world’s first blackout-inducing cyberattack in 2015 against Ukraine.

In June of 2014 Symantec published a comprehensive report on the group, which it called Dragonfly. In dozens of intrusions against oil and gas and electric utilities in the US and Europe, the hackers had used “watering hole” attacks that compromised websites their targets visited to plant Havex on their machines. They also hid their malware in infected versions of three different software tools commonly used by industrial and energy firms. Symantec’s Thakur says in that first wave of attacks the company found that the hackers had stolen detailed industrial control system data from their victims. He never saw evidence, however, that the hackers went so far as to attempt to disrupt any target’s operations—though given the scale of the campaign, he admits he can’t be sure.
