Kremlin-Backed Hacking Group Targets Power and Water Sector of Germany, Report

News and Analysis

A hacking group linked with the Russian government has reportedly carried out a series of attacks on energy, water, and power sectors of Germany, cybersecurity-focused outlet Cyberscoop reported on May 26.

An anonymous German government advisory told Cyberscoop that internal investigations earlier this year indicated “longstanding compromises” at a slew of German companies operating in the aforementioned industries.

Berserk Bear’s Systematic Attacks Against Energy Companies

German authorities tend to believe that the efforts to compromise the country’s critical infrastructure were taken by the Berserk Bear hacking group.

“The attackers’ goal is to use publicly available but also specially written malware to permanently anchor themselves in the IT network, steal information, or even gain access to productive systems,” the advisory reportedly said.

Nonetheless, there was ostensibly no evidence of a disruptive attack on the companies’ industrial networks.

This is not the first time Germany placed responsibility for large-scale cyberattacks on its energy providers on Berserk Bear. Previously, Germany’s Federal Office for Information Security claimed that the group conducted a widespread and systematic attack against the country’s energy networks throughout 2018.

The attack was also unsuccessful, the agency said, at the time, with energy grids remained largely unaffected by Berserk Bear. The director of Germany’s Federal Office for the Protection of the Constitution said that the “modus operandi” of the hackers “is a major indicator that points to Russian control of the offensive campaign.”

The Hacktivist Group’s Extensive Operations Around the World

In 2018, cybersecurity tech company CrowdStrike released a report, where it examined the activity of some of the world’s leading government-backed hacking groups, including Berserk Bear. CrowdStrike wrote:

“The Berserk Bear adversary group has strong ties to Moscow, Russia, as well as technical and operational overlaps with other likely Russian state-sponsored groups such as Energetic Bear, Team Bear, and Voodoo Bear. The targeting profile of the group observed by CrowdStrike appears to align very closely with the likely collection priorities of Russian intelligence.”

According to the report, Berserk Bear’s activity began increasing in spring 2017, when it launched and maintained extensive operations worldwide throughout the year. The group was reportedly involved in high-profile activity against critical infrastructure entities in the United States and Europe and deployed novel techniques aimed at compromising SMB credentials at targeted organizations.

Written by Ana Alexandre

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

Found a typo? Highlight text and press CTRL+ENTER

Subscribe to our Newsletter


Related posts

Tags: , , ,