Berserk Bear
Berserk Bear (aka Crouching Yeti, Dragonfly, Dragonfly 2.0, DYMALLOY, Energetic Bear, Havex, IRON LIBERTY, Koala, or TeamSpy)[1][2][3] is a Russian cyber espionage group, sometimes known as an advanced persistent threat.[4] According to the United States, the group is composed of "FSB hackers": either people directly employed by the FSB, or Russian civilian criminal hackers coerced into contracting for the FSB while still freelancing or moonlighting as criminal hackers.[5]
Activities
Berserk Bear specializes in compromising utilities infrastructure, especially that belonging to companies responsible for water or energy distribution.[4][6] It has performed these activities in at least Germany and the U.S.[6] These operations are targeted towards surveillance and technical reconnaissance.[5]
Berserk Bear has also targeted many state, local, and tribal government and aviation networks in the U.S., and as of October 1, 2020, had exfiltrated data from at least two victim servers.[2] In particular, Berserk Bear is believed to have infiltrated the computer network of the city of Austin, Texas, during 2020.[7][8][5]
The group is capable of producing its own advanced malware, although it sometimes seeks to mimic other hacking groups and conceal its activities.[5]
References
- "Dragonfly 2.0, IRON LIBERTY, DYMALLOY, Berserk Bear, Group G0074 | MITRE ATT&CK®". attack.mitre.org.
- "Russian state hackers stole data from US government networks". BleepingComputer.
- Goodin, Dan (December 7, 2020). "NSA says Russian state hackers are using a VMware flaw to ransack networks". Ars Technica.
- "The Russian Hackers Playing 'Chekhov's Gun' With US Infrastructure" – via www.wired.com.
- Andrew S. Bowen (January 4, 2021). Russian Cyber Units (Report). Congressional Research Service. p. 2. Retrieved July 25, 2021.
- "German intelligence agencies warn of Russian hacking threats to critical infrastructure". CyberScoop. May 26, 2020.
- Hvistendahl, Mara; Lee, Micah; Smith, Jordan (December 17, 2020). "Russian Hackers Have Been Inside Austin City Network for Months". The Intercept.
- "Austin officials quiet on reports that city network hacked". www.msn.com.