Kremlin-Backed Hacking Group Targets Power and Water Sector of Germany, Report
A hacking group linked with the Russian government has reportedly carried out a series of attacks on energy, water, and power sectors of Germany, cybersecurity-focused outlet Cyberscoop reported on May 26.
An anonymous German government advisory told Cyberscoop that internal investigations earlier this year indicated “longstanding compromises” at a slew of German companies operating in the aforementioned industries.
Berserk Bear’s Systematic Attacks Against Energy Companies
German authorities tend to believe that the efforts to compromise the country’s critical infrastructure were taken by the Berserk Bear hacking group.
“The attackers’ goal is to use publicly available but also specially written malware to permanently anchor themselves in the IT network, steal information, or even gain access to productive systems,” the advisory reportedly said.
Nonetheless, there was ostensibly no evidence of a disruptive attack on the companies’ industrial networks.
This is not the first time Germany placed responsibility for large-scale cyberattacks on its energy providers on Berserk Bear. Previously, Germany’s Federal Office for Information Security claimed that the group conducted a widespread and systematic attack against the country’s energy networks throughout 2018.
The attack was also unsuccessful, the agency said, at the time, with energy grids remained largely unaffected by Berserk Bear. The director of Germany’s Federal Office for the Protection of the Constitution said that the “modus operandi” of the hackers “is a major indicator that points to Russian control of the offensive campaign.”
The Hacktivist Group’s Extensive Operations Around the World
In 2018, cybersecurity tech company CrowdStrike released a report, where it examined the activity of some of the world’s leading government-backed hacking groups, including Berserk Bear. CrowdStrike wrote:
“The Berserk Bear adversary group has strong ties to Moscow, Russia, as well as technical and operational overlaps with other likely Russian state-sponsored groups such as Energetic Bear, Team Bear, and Voodoo Bear. The targeting profile of the group observed by CrowdStrike appears to align very closely with the likely collection priorities of Russian intelligence.”
According to the report, Berserk Bear’s activity began increasing in spring 2017, when it launched and maintained extensive operations worldwide throughout the year. The group was reportedly involved in high-profile activity against critical infrastructure entities in the United States and Europe and deployed novel techniques aimed at compromising SMB credentials at targeted organizations.
Written by Ana Alexandre
Subscribe to our Newsletter<
- AT&T Faces Lawsuit Over Alleged SIM Swapping Leading to Massive Cryptocurrency Theft
- North Korean Hacker Group Lazarus Laundered Over 2,500 Stolen Bitcoins In May, Report
- U.S. University Pays Over $1M Ransom in Bitcoin to Hackers to Regain Access to Encrypted Data
- U.S. Accuses Julian Assange of Recruiting LulzSec and Anonymous Hackers to Steal Gov’t Documents for WikiLeaks
- Secure Identity Expert Explains How Cryptography Gives Us Power Over Personal Data
- Eastern European Hacker Group Stole $200m From Crypto Exchanges via Supply-Chain Attack
- Telegram User Data From Earlier Leaks Found on Dark Web, Contact Import Feature Is to Blame
- Are RSA and Cryptocurrencies Safe Despite Quantum Computing Progress?