CISA & FBI released a joint alert detailing Russian state-sponsored advanced persistent threat (APT) targeting various U.S. government networks to steal sensitive data.
Russian State-sponsored actors group such as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala are active since 2010 and targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks.
According to the joint alert the group has compromised many government networks and gained access to sensitive files that includes;
“The Russian state-sponsored APT actor has targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers.”
Once these threat actors gained initial access to the network, then they move inside the network and locate for high-value assets to exfiltrate data.
“To date, the FBI and CISA have no information to indicate this APT actor has intentionally disrupted any aviation, education, elections, or government operations. However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize SLTT government entities.”
FBI and CISA on=bserved that the threat actor group vulnerable Citrix and Microsoft Exchange services and identified vulnerable systems, likely for future exploitation.
It is recommended to fix the updated applications and prioritize patching for external-facing applications and remote access services to address vulnerabilities including CVE-2019-19781, CVE-2020-0688, CVE 2019-10149, CVE-2018-13379, and CVE-2020-1472.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Also Read
GitHub Launches Code Scanning Tool to Find Security Vulnerabilities – Available for All Users
Beware of the New Critical Zerologon Vulnerability in The Windows Server
The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…
Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…
A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…
A surge in phishing text messages claiming unpaid tolls has been linked to a massive…