Russia-linked group that breached US state and local IT draws official accusation from feds

It’s no secret that the hacking group often referred to as Energetic Bear or TEMP.Isotope — linked by multiple security firms to Russia — is the prime suspect in a handful of breaches of state and local networks in recent weeks. But now U.S. federal officials are formally blaming the hackers for the activity. It’s part of a broader U.S. effort to more swiftly accuse foreign adversaries of wrongdoing ahead of Election Day while reassuring voters that the election is being protected. In this case, federal officials said the Russian group had used a combination of old and new software vulnerabilities to breach some IT infrastructure used by state and local officials, but that there was no evidence that the “integrity of elections data has been compromised.” “The Russian state-sponsored APT actor has targeted dozens of SLTT [state, local, territorial and tribal] and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of […]

The post Russia-linked group that breached US state and local IT draws official accusation from feds appeared first on CyberScoop.

An old foe’s footprints muddle the mystery around group responsible for energy sector hacks

Though leading cybersecurity firms are closing in on the hackers responsible for a recent email phishing campaign and watering hole scheme designed to target U.S. energy companies, the available evidence points to an amorphous group that hasn’t been active for three years. It’s yet another mystery within an already complex case. The leading suspect behind this incident, according to cybersecurity experts and former U.S. intelligence officials, is a group associated with past operations tied to Russia. Known as “Energetic Bear,” “Koala Team” or “Crouching Yeti” to the information security community, the unit has a long history of targeting the energy sector and exploiting outdated vulnerabilities in Microsoft Word and Adobe Flash. “Koala Team is a prolific cyber espionage actor that has affected a comprehensive set of verticals using a combination of opportunistic and targeted tactics since at least 2011,” Cristiana Brafman Kittner, a senior analyst with U.S. cybersecurity firm FireEye, told CyberScoop. […]

The post An old foe’s footprints muddle the mystery around group responsible for energy sector hacks appeared first on CyberScoop.

Spearphishing attacks on energy firms tied to years-long global hacking operation

A recent barrage of well-crafted phishing emails aimed at employees at U.S. energy companies, including one nuclear facility, is tied to a years-long international campaign to steal user credentials and gather intelligence from the world’s largest energy firms. The New York Times and Bloomberg reported Thursday that the FBI and Department of Homeland Security had recently warned several U.S. energy companies about the threat of hackers attempting to break into their networks by using specially tailored spearphishing emails and watering hole-style attacks. John Hultquist, who leads U.S. cybersecurity firm FireEye’s cyberespionage analysis division, said that he’s been independently tracking this same operation and that FireEye customers were warned about it roughly five weeks ago. “We’ve tied this recent operation to a campaign that started all the way back in 2015, which extends beyond the U.S., and has targeted companies in the Middle East and Western Europe … specifically in Turkey […]

The post Spearphishing attacks on energy firms tied to years-long global hacking operation appeared first on CyberScoop.
