German Critical Infrastructure At Risk Of Russian Hacking

Uploaded on 2020-06-02 in INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy, INTELLIGENCE-Hot Spots-Russia, TECHNOLOGY--Hackers

A Kremlin-linked hacking group, Fancy Bear, is though to be targeting German water, power and energy companies. The hacking group, known to some as Berserk Bear, is  suspected of operating on behalf of Russia’s FSB intelligence agency, has been using the supply chain to access the German, US and EU companies’ IT systems.

Angela Merkel recently condemned cyber-attack by Russia’s foreign intelligence service on the German Parliament, including her personal email account and the US National Security Agency has now warned government partners and private companies in Germany about a Russian hacking operation that uses a special intrusion technique to target operating systems often used by industrial firms to manage computer infrastructure.

The NSA security alert describes how hackers with  Russia's military intelligence are leveraging a software vulnerability in Exim, a mail transfer agent common on Unix-based operating systems, such as Linux. The vulnerability was patched last year, but some users have not updated their systems to close the security gap.

Chancellor Merkel has been the victim of a foreign power’s communications sabotage before. A cyber-attack on the Germany Bundestag, the lower house of Parliament, happened five years ago and stole 16 gigabytes of data and took down the entire network for several days. The organisation responsible for overseeing the operations of Europe’s high voltage power infrastructure has also been hacked.

Berserk Bear is best known in the US for a year long term campaign to collect data on US energy companies, which the Trump said was hacking by the Russian government. 

It is one of a handful of hacking teams that Moscow can call on to spy on industrial computer networks, analysts say. Another group, known as Sandworm and believed to be operating on behalf of Russia’s GRU Military Intelligence Agency, gained notoriety for cutting off power in Ukraine in 2015 and 2016. Berserk Bear is less conspicuous. They have used “waterholing,” or infecting websites and then picking off high-value login credentials, to compromise the IT networks of critical infrastructure companies in Europe and North America. 

In 2018, the hacking group “conducted extensive, worldwide reconnaissance across multiple sectors, including energy, maritime and manufacturing,” and also targeted US government organisations, according to CrowdStrike, while the CEO of industrial cyber security company Dragos, said his analysts were aware of the group’s history of targeting German and US electric utilities.

This is far time from German untility firms’ have encountered with Berserk Bear. In 2018  BSI, the German Federal cyber security agency, accused the hacking group of trying to breach the IT networks of German energy and power companies.  

The European Union may put sanctions on cyber attackers, which impose asset freezes and travel bans on certain individuals, or pressuring Moscow to withdraw some of its many spies in Berlin. German officials believe that a third of the diplomats registered at the Russian Embassy in Berlin work for the GRU.

National Security Agency:      CyberScoop:      NYTimes:      Guardian:        CBR Online:       NY Times

You Might Also Read: 

Russian Cyber Operations: State-led Organised Crime:

Iran Fingered For Attack On Israeli Water Infrastructure:

 

« Home Working: Reduce The Cyber Risks
Do Not Underestimate Iran’s Cyber Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

Government Communications Headquarters (GCHQ)

Government Communications Headquarters (GCHQ)

GCHQ defends Government systems from cyber threat, provide support to the Armed Forces and strive to keep the public safe, in real life and online.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

Engineering Ingegneria Informatica

Engineering Ingegneria Informatica

Ingegneria Informatica is a leading Italian provider of Information Technology consulting, services and solutions including cyber security.

QSecure

QSecure

QSecure specializes in the provision of information security and risk management services.

Lepide

Lepide

LepideAuditor is a powerful Data Security Platform that enables you to reduce risk, prevent data breaches and prove regulatory compliance.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

Automox

Automox

Remediate vulnerabilities 30X faster than the industry norm – and dramatically reduce your risk with simple, fast, and cloud-native endpoint hardening from Automox.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

TriagingX

TriagingX

TriagingX successfully created the first generation malware sandbox that is being used by many Fortune 500 companies for daily malware analysis.

Traced

Traced

At Traced, our aim is to redefine mobile cyber security to provide the best possible protection to everyone against breaches of privacy and security.

Bitdefender

Bitdefender

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide.

MS Tech Solutions

MS Tech Solutions

MS Tech Solutions is a Jamaican-based, multinational consulting company that specializes in the architecture, implementation and management of key network and Information technologies.

Cyber Risk International

Cyber Risk International

Cyber Risk International offer CyberPrism, a B2B SaaS solution that empowers businesses to perform a self-assessment of their cyber security program.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.