German Critical Infrastructure At Risk Of Russian Hacking

Uploaded on 2020-06-02 in INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy, INTELLIGENCE-Hot Spots-Russia, TECHNOLOGY--Hackers

A Kremlin-linked hacking group, Fancy Bear, is though to be targeting German water, power and energy companies. The hacking group, known to some as Berserk Bear, is  suspected of operating on behalf of Russia’s FSB intelligence agency, has been using the supply chain to access the German, US and EU companies’ IT systems.

Angela Merkel recently condemned cyber-attack by Russia’s foreign intelligence service on the German Parliament, including her personal email account and the US National Security Agency has now warned government partners and private companies in Germany about a Russian hacking operation that uses a special intrusion technique to target operating systems often used by industrial firms to manage computer infrastructure.

The NSA security alert describes how hackers with  Russia's military intelligence are leveraging a software vulnerability in Exim, a mail transfer agent common on Unix-based operating systems, such as Linux. The vulnerability was patched last year, but some users have not updated their systems to close the security gap.

Chancellor Merkel has been the victim of a foreign power’s communications sabotage before. A cyber-attack on the Germany Bundestag, the lower house of Parliament, happened five years ago and stole 16 gigabytes of data and took down the entire network for several days. The organisation responsible for overseeing the operations of Europe’s high voltage power infrastructure has also been hacked.

Berserk Bear is best known in the US for a year long term campaign to collect data on US energy companies, which the Trump said was hacking by the Russian government. 

It is one of a handful of hacking teams that Moscow can call on to spy on industrial computer networks, analysts say. Another group, known as Sandworm and believed to be operating on behalf of Russia’s GRU Military Intelligence Agency, gained notoriety for cutting off power in Ukraine in 2015 and 2016. Berserk Bear is less conspicuous. They have used “waterholing,” or infecting websites and then picking off high-value login credentials, to compromise the IT networks of critical infrastructure companies in Europe and North America. 

In 2018, the hacking group “conducted extensive, worldwide reconnaissance across multiple sectors, including energy, maritime and manufacturing,” and also targeted US government organisations, according to CrowdStrike, while the CEO of industrial cyber security company Dragos, said his analysts were aware of the group’s history of targeting German and US electric utilities.

This is far time from German untility firms’ have encountered with Berserk Bear. In 2018  BSI, the German Federal cyber security agency, accused the hacking group of trying to breach the IT networks of German energy and power companies.  

The European Union may put sanctions on cyber attackers, which impose asset freezes and travel bans on certain individuals, or pressuring Moscow to withdraw some of its many spies in Berlin. German officials believe that a third of the diplomats registered at the Russian Embassy in Berlin work for the GRU.

National Security Agency:      CyberScoop:      NYTimes:      Guardian:        CBR Online:       NY Times

You Might Also Read: 

Russian Cyber Operations: State-led Organised Crime:

Iran Fingered For Attack On Israeli Water Infrastructure:

 

« Home Working: Reduce The Cyber Risks
Do Not Underestimate Iran’s Cyber Threat »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions delivers a range of Industrial Automation and Cyber solutions & services to sectors including Oil & Gas, Chemicals & Petrochemicals, Power and others.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

Concentric AI

Concentric AI

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

Quantum Security

Quantum Security

Quantum's game-changing approach to cybersecurity brings you performance and peace-of-mind, with a raft of additional benefits: it's non-proprietary, comprehensive, scalable, and affordable.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

Cloud Range

Cloud Range

Cloud Range provides cybersecurity teams with access to the world's leading cyber range platform, eliminating the need to invest in costly cyber range infrastructure.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

Cura Technology

Cura Technology

Cura Technology offers a wide array of security solutions meticulously designed to address specific facets of your security requirements.

CIP Cyber

CIP Cyber

CIP Cyber is an online learning community with a mission of connecting, training, and certifying cybersecurity professionals to protect critical infrastructure.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.

Mother Technologies

Mother Technologies

From Datacentre to Desktop, Mother Technologies has been delivering IT Support, Telecoms, Cybersecurity and Connectivity services to businesses across Scotland and beyond since 2002.