Kremlin-Backed Hacking Group Targets Germany’s Power and Water Sectors: Report
A hacking group linked to the Russian government has reportedly carried out a series of attacks on the energy, water, and power sectors of Germany, cybersecurity-focused outlet Cyberscoop reported on May 26.
An anonymous German government advisory told Cyberscoop that internal investigations earlier this year indicated “longstanding compromises” at a slew of German companies operating in the aforementioned industries.
Berserk Bear’s Systematic Attacks Against Energy Companies
German authorities tend to believe that the efforts to compromise the country’s critical infrastructure were undertaken by the Berserk Bear hacking group.
“The attackers’ goal is to use publicly available but also specially written malware to permanently anchor themselves in the IT network, steal information, or even gain access to productive systems,” the advisory reportedly said.
Nonetheless, there was ostensibly no evidence of a disruptive attack on the companies’ industrial networks.
This is not the first time Germany has placed responsibility for large-scale cyberattacks on its energy providers on Berserk Bear. Previously, Germany’s Federal Office for Information Security claimed that the group conducted a widespread and systematic attack against the country’s energy networks throughout 2018.
That attack was also unsuccessful, the agency said at the time, with energy grids remaining largely unaffected by Berserk Bear. The director of Germany’s Federal Office for the Protection of the Constitution said that the “modus operandi” of the hackers “is a major indicator that points to Russian control of the offensive campaign.”
The Hacktivist Group’s Extensive Operations Around the World
In 2018, cybersecurity company CrowdStrike released a report in which it examined the activity of some of the world’s leading government-backed hacking groups, including Berserk Bear. CrowdStrike wrote:
“The Berserk Bear adversary group has strong ties to Moscow, Russia, as well as technical and operational overlaps with other likely Russian state-sponsored groups such as Energetic Bear, Team Bear, and Voodoo Bear. The targeting profile of the group observed by CrowdStrike appears to align very closely with the likely collection priorities of Russian intelligence.”
According to the report, Berserk Bear’s activity began increasing in spring 2017, when it launched and maintained extensive operations worldwide throughout the year. The group was reportedly involved in high-profile activity against critical infrastructure entities in the United States and Europe and deployed novel techniques aimed at compromising SMB credentials at targeted organizations.
Written by Ana Alexandre