Categories: Cyber AttackCyber Security NewsMalware

Russian Hackers Attack U.S. Government Networks To Steal Sensitive Data

CISA & FBI released a joint alert detailing Russian state-sponsored advanced persistent threat (APT) targeting various U.S. government networks to steal sensitive data.

Russian State-sponsored actors group such as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala are active since 2010 and targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks.

Data Stolen From Government networks

According to the joint alert the group has compromised many government networks and gained access to sensitive files that includes;

  • Sensitive network configurations and passwords.
  • Standard operating procedures (SOP), such as enrolling in multi-factor authentication (MFA).
  • IT instructions, such as requesting password resets.
  • Vendors and purchasing information.
  • Printing access badges.

“The Russian state-sponsored APT actor has targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers.”

Once these threat actors gained initial access to the network, then they move inside the network and locate for high-value assets to exfiltrate data.

“To date, the FBI and CISA have no information to indicate this APT actor has intentionally disrupted any aviation, education, elections, or government operations. However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize SLTT government entities.”

FBI and CISA on=bserved that the threat actor group vulnerable Citrix and Microsoft Exchange services and identified vulnerable systems, likely for future exploitation.

It is recommended to fix the updated applications and prioritize patching for external-facing applications and remote access services to address vulnerabilities including CVE-2019-19781, CVE-2020-0688, CVE 2019-10149, CVE-2018-13379, and CVE-2020-1472.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

GitHub Launches Code Scanning Tool to Find Security Vulnerabilities – Available for All Users

Beware of the New Critical Zerologon Vulnerability in The Windows Server

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: Cyber AttackMalware
4 years ago

Recent Posts

10 Best Penetration Testing Companies in 2025

Penetration testing companies play a vital role in strengthening the cybersecurity defenses of organizations by…

1 day ago

Lumma Stealer Using Fake Google Meet & Windows Update Sites to Launch “Click Fix” Style Attack

Cybersecurity researchers continue to track sophisticated "Click Fix" style distribution campaigns that deliver the notorious…

2 days ago

Fake BianLian Ransom Demands Sent via Physical Letters to U.S. Firms

In a novel and concerning development, multiple U.S. organizations have reported receiving suspicious physical letters…

2 days ago

Strela Stealer Malware Attack Microsoft Outlook Users for Credential Theft

The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware,…

2 days ago

New PyPI Malware Targets Developers to Steal Ethereum Wallets

A recent discovery by the Socket Research Team has unveiled a malicious PyPI package named…

2 days ago

Threat Actors Exploit PHP-CGI RCE Vulnerability to Attack Windows Machines

A recent cybersecurity threat has emerged where unknown attackers are exploiting a critical remote code…

2 days ago