UPDATED 21:48 EST / DECEMBER 17 2020


Austin, Texas hacked by suspected Russian state-sponsored group

The city of Austin, Texas, is reported to have been hacked and a Russian state-sponsored group is suspected to be behind the intrusion.

First reported today by The Intercept, which references documents prepared by the Microsoft Threat Intelligence Center that have not been publicly released, the hack has been traced to mid-October. It’s said to have been used as a jumping-off point for more attacks. The Russian advanced persistent threat group Berserk Bear, which may be linked to Russia’s Federal Security Service, is believed to be behind the attack.

Berserk Bear, also known as Energetic Bear, Dragonfly and several other names, was the subject of a warning issued by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency on Oct. 22. Notably, that warning stated that the group was targeting government networks.

A City of Austin spokesperson partially confirmed the report, telling local media that “while we are aware of this hacking group we cannot provide information about ongoing law enforcement investigations into criminal activity.”

What data, if any, was stolen in the hack is unknown. Berserk Bear attacks are usually narrowly targeted and may seek to steal information, to establish a presence for future activity, or both.

Although there is no confirmed link between the hack of Austin and the massive hack involving software from SolarWinds Worldwide LLC, they have something in common: SolarWinds is based in Austin.

“All cities with critical centralized infrastructure should be worried about potential cyberattacks, and should be investing in some level of detection and prevention,” Daniel Trauner, director of security at cybersecurity asset management platform provider Axonius Inc., told SiliconANGLE. “While some of the recent large-scale supply chain attacks may have been useful as starting points for access within many organizations, specifically targeting niche software related to a certain industry or a certain type of infrastructure suggests that the attackers probably had a more specific goal.”

Trauner had more advice: “In addition to prioritizing and patching assets associated with critical infrastructure, organizations need to make sure they are gathering at least some information about all of their infrastructure,” he said. “Just knowing that something exists somewhere in your network and its relationship to other assets is a huge part of the battle.”

Photo: Michael Barera/Wikimedia Commons
