German Critical Infrastructure At Risk Of Russian Hacking

A Kremlin-linked hacking group, Fancy Bear, is though to be targeting German water, power and energy companies. The hacking group, known to some as Berserk Bear, is  suspected of operating on behalf of Russia’s FSB intelligence agency, has been using the supply chain to access the German, US and EU companies’ IT systems.

Angela Merkel recently condemned cyber-attack by Russia’s foreign intelligence service on the German Parliament, including her personal email account and the US National Security Agency has now warned government partners and private companies in Germany about a Russian hacking operation that uses a special intrusion technique to target operating systems often used by industrial firms to manage computer infrastructure.

The NSA security alert describes how hackers with  Russia's military intelligence are leveraging a software vulnerability in Exim, a mail transfer agent common on Unix-based operating systems, such as Linux. The vulnerability was patched last year, but some users have not updated their systems to close the security gap.

Chancellor Merkel has been the victim of a foreign power’s communications sabotage before. A cyber-attack on the Germany Bundestag, the lower house of Parliament, happened five years ago and stole 16 gigabytes of data and took down the entire network for several days. The organisation responsible for overseeing the operations of Europe’s high voltage power infrastructure has also been hacked.

Berserk Bear is best known in the US for a year long term campaign to collect data on US energy companies, which the Trump said was hacking by the Russian government. 

It is one of a handful of hacking teams that Moscow can call on to spy on industrial computer networks, analysts say. Another group, known as Sandworm and believed to be operating on behalf of Russia’s GRU Military Intelligence Agency, gained notoriety for cutting off power in Ukraine in 2015 and 2016. Berserk Bear is less conspicuous. They have used “waterholing,” or infecting websites and then picking off high-value login credentials, to compromise the IT networks of critical infrastructure companies in Europe and North America. 

In 2018, the hacking group “conducted extensive, worldwide reconnaissance across multiple sectors, including energy, maritime and manufacturing,” and also targeted US government organisations, according to CrowdStrike, while the CEO of industrial cyber security company Dragos, said his analysts were aware of the group’s history of targeting German and US electric utilities.

This is far time from German untility firms’ have encountered with Berserk Bear. In 2018  BSI, the German Federal cyber security agency, accused the hacking group of trying to breach the IT networks of German energy and power companies.  

The European Union may put sanctions on cyber attackers, which impose asset freezes and travel bans on certain individuals, or pressuring Moscow to withdraw some of its many spies in Berlin. German officials believe that a third of the diplomats registered at the Russian Embassy in Berlin work for the GRU.

National Security Agency:      CyberScoop:      NYTimes:      Guardian:        CBR Online:       NY Times

You Might Also Read: 

Russian Cyber Operations: State-led Organised Crime:

Iran Fingered For Attack On Israeli Water Infrastructure:

 

« Home Working: Reduce The Cyber Risks
Do Not Underestimate Iran’s Cyber Threat »

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

Thursday, August 20, 2020 - Join SANS and AWS Marketplace to learn the exercise of applying MITRE’s ATT&CK Matrix to the AWS Cloud and how to enhance threat detection and hunting in an AWS environment

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Tenable Network Security

Tenable Network Security

Tenable Network Security - The Rise of the Business-Aligned Security Executive. Is your security operation aligned with the overarching goals of the business?

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Indegy

Indegy

Indegy provide security solutions for industrial control system (ICS) networks.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

Microsoft Malware Protection Center

Microsoft Malware Protection Center

Microsoft MPC conducts malware research and provides security software to help protect your PC from malware and other threats.

Empow Cyber Security

Empow Cyber Security

Empow has developed a way for enterprises to orchestrate their security infrastructure, get the most out of each security product, and better mitigate attacks, while using fewer resources to do so.

Gradiant

Gradiant

Gradiant’s mission is to contribute to the growth and competitive improvement of Galician businesses through technology development and innovation using ICT.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.