Thursday, May 15, 2025
Follow us On Linkedin
HomeCyber AttackRussian Hackers Attack U.S. Government Networks To Steal Sensitive Data

Russian Hackers Attack U.S. Government Networks To Steal Sensitive Data

Cyber AttackCyber Security NewsMalware

Published on

By Gurubaran
Russian Hackers Attack U.S. Government Networks To Steal Sensitive Data

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

CISA & FBI released a joint alert detailing Russian state-sponsored advanced persistent threat (APT) targeting various U.S. government networks to steal sensitive data.

Russian State-sponsored actors group such as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala are active since 2010 and targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks.

Data Stolen From Government networks

According to the joint alert the group has compromised many government networks and gained access to sensitive files that includes;

- Advertisement - Google News
  • Sensitive network configurations and passwords.
  • Standard operating procedures (SOP), such as enrolling in multi-factor authentication (MFA).
  • IT instructions, such as requesting password resets.
  • Vendors and purchasing information.
  • Printing access badges.

“The Russian state-sponsored APT actor has targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers.”

Once these threat actors gained initial access to the network, then they move inside the network and locate for high-value assets to exfiltrate data.

“To date, the FBI and CISA have no information to indicate this APT actor has intentionally disrupted any aviation, education, elections, or government operations. However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize SLTT government entities.”

FBI and CISA on=bserved that the threat actor group vulnerable Citrix and Microsoft Exchange services and identified vulnerable systems, likely for future exploitation.

It is recommended to fix the updated applications and prioritize patching for external-facing applications and remote access services to address vulnerabilities including CVE-2019-19781, CVE-2020-0688, CVE 2019-10149, CVE-2018-13379, and CVE-2020-1472.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

GitHub Launches Code Scanning Tool to Find Security Vulnerabilities – Available for All Users

Beware of the New Critical Zerologon Vulnerability in The Windows Server

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Inside Turla’s Uroboros Infrastructure and Tactics Revealed

In a nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed...
cyber security

CISA Alerts on Five Active Zero-Day Windows Vulnerabilities Being Exploited

Cybersecurity professionals and network defenders, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has...
Cyber Security News

Intruder vs. Acunetix vs. Attaxion: Comparing Vulnerability Management Solutions

The vulnerability management market is projected to reach US$24.08 billion by 2030, with numerous...
cyber security

Hackers Exploit Google Services to Send Malicious Law Enforcement Requests

Cybersecurity researchers have uncovered a sophisticated phishing campaign where malicious actors exploit Google services...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

cyber security

Inside Turla’s Uroboros Infrastructure and Tactics Revealed

In a nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed...
cyber security

CISA Alerts on Five Active Zero-Day Windows Vulnerabilities Being Exploited

Cybersecurity professionals and network defenders, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has...
Cyber Security News

Intruder vs. Acunetix vs. Attaxion: Comparing Vulnerability Management Solutions

The vulnerability management market is projected to reach US$24.08 billion by 2030, with numerous...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved