German Critical Infrastructure At Risk Of Russian Hacking
A Kremlin-linked hacking group, Fancy Bear, is though to be targeting German water, power and energy companies. The hacking group, known to some as Berserk Bear, is suspected of operating on behalf of Russia’s FSB intelligence agency, has been using the supply chain to access the German, US and EU companies’ IT systems.
Angela Merkel recently condemned cyber-attack by Russia’s foreign intelligence service on the German Parliament, including her personal email account and the US National Security Agency has now warned government partners and private companies in Germany about a Russian hacking operation that uses a special intrusion technique to target operating systems often used by industrial firms to manage computer infrastructure.
The NSA security alert describes how hackers with Russia's military intelligence are leveraging a software vulnerability in Exim, a mail transfer agent common on Unix-based operating systems, such as Linux. The vulnerability was patched last year, but some users have not updated their systems to close the security gap.
Chancellor Merkel has been the victim of a foreign power’s communications sabotage before. A cyber-attack on the Germany Bundestag, the lower house of Parliament, happened five years ago and stole 16 gigabytes of data and took down the entire network for several days. The organisation responsible for overseeing the operations of Europe’s high voltage power infrastructure has also been hacked.
Berserk Bear is best known in the US for a year long term campaign to collect data on US energy companies, which the Trump said was hacking by the Russian government.
It is one of a handful of hacking teams that Moscow can call on to spy on industrial computer networks, analysts say. Another group, known as Sandworm and believed to be operating on behalf of Russia’s GRU Military Intelligence Agency, gained notoriety for cutting off power in Ukraine in 2015 and 2016. Berserk Bear is less conspicuous. They have used “waterholing,” or infecting websites and then picking off high-value login credentials, to compromise the IT networks of critical infrastructure companies in Europe and North America.
In 2018, the hacking group “conducted extensive, worldwide reconnaissance across multiple sectors, including energy, maritime and manufacturing,” and also targeted US government organisations, according to CrowdStrike, while the CEO of industrial cyber security company Dragos, said his analysts were aware of the group’s history of targeting German and US electric utilities.
This is far time from German untility firms’ have encountered with Berserk Bear. In 2018 BSI, the German Federal cyber security agency, accused the hacking group of trying to breach the IT networks of German energy and power companies.
The European Union may put sanctions on cyber attackers, which impose asset freezes and travel bans on certain individuals, or pressuring Moscow to withdraw some of its many spies in Berlin. German officials believe that a third of the diplomats registered at the Russian Embassy in Berlin work for the GRU.
National Security Agency: CyberScoop: NYTimes: Guardian: CBR Online: NY Times:
You Might Also Read:
Russian Cyber Operations: State-led Organised Crime:
Iran Fingered For Attack On Israeli Water Infrastructure: