U.S. Says Russian Hackers Stole Data From Two Government Servers
The United States says Russian state-sponsored hacking group Energetic Bear has successfully compromised state, local, territorial, and tribal (SLTT) government networks and stolen data from at least two servers.
The attacks, conducted since at least September 2020, "targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers," the alert reads.
According to the FBI and CISA, the threat actor does not appear to have intentionally disrupted the operations of organizations in aviation, education, elections, or government sectors.
The attacks might also be seen as a risk to elections information that is stored on SLTT government networks, but there's no evidence that such data has been compromised, the FBI and CISA note.
"Organizations must maintain a robust layered defense network with monitoring and detection to reduce an attack's risk by a known vulnerability and exploit. The recent attacks from nation-state cybersecurity operatives use known vulnerabilities to access an organization's networks and systems to steal data," James McQuiggan, security awareness advocate at KnowBe4, commented.