Austin, Texas hacked by suspected Russian state-sponsored group
The city of Austin, Texas, is reported to have been hacked and a Russian state-sponsored group is suspected to be behind the intrusion.
First reported today by The Intercept, which references documents prepared by the Microsoft Threat Intelligence Center that have not been publicly released, the hack has been traced to mid-October. It’s said to have been used as a jumping-off point for more attacks. The Russian advanced persistent threat group Berserk Bear, which may be linked to Russia’s Federal Security Service, is believed to be behind the attack.
Berserk Bear, also known as Energetic Bear, Dragonfly and several other names was the subject of a warning by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency Oct. 22. Notably, that warning stated that the group was targeting government networks.
A City of Austin spokesperson sort of confirmed the report, telling local media that “while we are aware of this hacking group we cannot provide information about ongoing law enforcement investigations into criminal activity.”
What data, if any was stolen in the hack is unknown. Berserk Bear attacks are usually specifically targeted and may either be seeking to steal information and/or establish a presence for future activities.
Although there is no confirmed link between the hack of Austin and the massive hack involving software from SolarWinds Worldwide LLC, they have something in common: SolarWinds is based in Austin.
“All cities with critical centralized infrastructure should be worried about potential cyberattacks, and should be investing in some level of detection and prevention,” Daniel Trauner, director of security at cybersecurity asset management platform provider Axonius Inc., told SiliconANGLE. “While some of the recent large-scale supply chain attacks may have been useful as starting points for access within many organizations, specifically targeting niche software related to a certain industry or a certain type of infrastructure suggests that the attackers probably had a more specific goal.”
Trauner had more advice: “In addition to prioritizing and patching assets associated with critical infrastructure, organizations need to make sure they are gathering at least some information about all of their infrastructure,” he said. “Just knowing that something exists somewhere in your network and its relationship to other assets is a huge part of the battle.”
Photo: Michael Barera/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU