German Critical Infrastructure At Risk Of Russian Hacking

A Kremlin-linked hacking group, Fancy Bear, is thought to be targeting German water, power and energy companies. The hacking group, known to some as Berserk Bear and suspected of operating on behalf of Russia’s FSB intelligence agency, has been using the supply chain to access German, US and EU companies’ IT systems.

Angela Merkel recently condemned a cyber-attack by Russia’s foreign intelligence service on the German Parliament, including her personal email account. The US National Security Agency has now warned government partners and private companies in Germany about a Russian hacking operation that uses a special intrusion technique to target operating systems often used by industrial firms to manage computer infrastructure.

The NSA security alert describes how hackers with Russia's military intelligence are leveraging a software vulnerability in Exim, a mail transfer agent common on Unix-based operating systems, such as Linux. The vulnerability was patched last year, but some users have not updated their systems to close the security gap.

Chancellor Merkel has been the victim of a foreign power’s communications sabotage before. A cyber-attack on the German Bundestag, the lower house of Parliament, five years ago stole 16 gigabytes of data and took down the entire network for several days. The organisation responsible for overseeing the operations of Europe’s high voltage power infrastructure has also been hacked.

Berserk Bear is best known in the US for a long-term campaign to collect data on US energy companies, which the Trump administration said was hacking by the Russian government.

It is one of a handful of hacking teams that Moscow can call on to spy on industrial computer networks, analysts say. Another group, known as Sandworm and believed to be operating on behalf of Russia’s GRU Military Intelligence Agency, gained notoriety for cutting off power in Ukraine in 2015 and 2016. Berserk Bear is less conspicuous. They have used “waterholing,” or infecting websites and then picking off high-value login credentials, to compromise the IT networks of critical infrastructure companies in Europe and North America. 

In 2018, the hacking group “conducted extensive, worldwide reconnaissance across multiple sectors, including energy, maritime and manufacturing,” and also targeted US government organisations, according to CrowdStrike. The CEO of industrial cyber security company Dragos said his analysts were aware of the group’s history of targeting German and US electric utilities.

This is far from the first time German utility firms have encountered Berserk Bear. In 2018 BSI, the German Federal cyber security agency, accused the hacking group of trying to breach the IT networks of German energy and power companies.

The European Union may put sanctions on cyber attackers, which impose asset freezes and travel bans on certain individuals, or pressure Moscow to withdraw some of its many spies in Berlin. German officials believe that a third of the diplomats registered at the Russian Embassy in Berlin work for the GRU.

Sources: National Security Agency, CyberScoop, NYTimes, Guardian, CBR Online, NY Times
