Security News > 2020 > October > U.S. Says Russian Hackers Stole Data From Two Government Servers

The United States says Russian state-sponsored hacking group Energetic Bear has successfully compromised state, local, territorial, and tribal government networks and stole data from at least two servers.
The attacks, conducted since at least September 2020, "Targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers," the alert reads.
According to the FBI and CISA, the threat actor does not appear to have intentionally disrupted the operations of organizations in aviation, education, elections, or government sectors.
The attacks might also be seen as a risk to elections information that is stored on SLTT government networks, but there's no evidence that such data has been compromised, the FBI and CISA note.
"Organizations must maintain a robust layered defense network with monitoring and detection to reduce an attack's risk by a known vulnerability and exploit. The recent attacks from nation-state cybersecurity operatives use known vulnerabilities to access an organization's networks and systems to steal data," James McQuiggan, security awareness advocate at KnowBe4, commented.
News URL
Related news
- Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- ASUS releases fix for AMI bug that lets hackers brick servers (source)