Wikipedia

Berserk Bear

Berserk Bear (also known as BROMINE, Crouching Yeti, Dragonfly, Dragonfly 2.0, DYMALLOY, Energetic Bear, Ghost Blizzard,[2] Havex, IRON LIBERTY, Koala, or TeamSpy)[3][4][5] is a Russian cyber espionage group, sometimes known as an advanced persistent threat.[1] According to the United States, the group is composed of "FSB hackers," either those directly employed by the FSB or Russian civilian, criminal hackers coerced into contracting as FSB hackers while still freelancing or moonlighting as criminal hackers.[6] Four accused Berserk Bear participants, three FSB staff and one civilian, have been indicted in the United States and are regarded by the United States Department of Justice as fugitives.

Berserk Bear
Type: Advanced persistent threat
Purpose: Cyberespionage, cyberwarfare
Region: Russia
Methods: malware
Official language: Russian
Parent organization: FSB[1]
Formerly called: Crouching Yeti, Dragonfly, Dragonfly 2.0, DYMALLOY, Energetic Bear, Havex, IRON LIBERTY, Koala, TeamSpy

Activities

Berserk Bear specializes in compromising utilities infrastructure, especially that belonging to companies responsible for water or energy distribution.[1][7] It has performed these activities in at least Germany and the U.S.[7] These operations are targeted towards surveillance and technical reconnaissance.[6]

Berserk Bear has also targeted many state, local, and tribal government and aviation networks in the U.S., and as of October 1, 2020, had exfiltrated data from at least two victim servers.[4] In particular, Berserk Bear is believed to have infiltrated the computer network of the city of Austin, Texas, during 2020.[8][9][6]

The group is capable of producing its own advanced malware, although it sometimes seeks to mimic other hacking groups and conceal its activities.[6]

Indictments unsealed 2022

In 2021, federal grand juries in the United States indicted three personnel of the Russian Federal Security Service (FSB) and a civilian from the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM). These indictments were kept under seal until March 2022, when the United States publicly named the defendants and treated them as fugitives.

Evgeny Gladkikh

Evgeny Gladkikh (Russian: Евгений Гладких) is accused of targeting network-connected safety equipment with the intent to gain the capability to sabotage it. He was indicted in the U.S. District Court for the District of Columbia.[10]

"Center 16" defendants

The indictment in the case United States v. Akulov, et al. is focused on members of a team within "Center 16" (Russian: 16-й Центр),[a] an FSB component also known as Military Unit 71330 (Russian: Войсковая часть В/Ч 71330).

The British Foreign Office states that the full name of Center 16 is "Radio-Electronic Intelligence by Means of Communication" (TsRRSS); Russian: Центр радиоэлектронной разведки на средствах связи (ЦРРСС).[11]

The U.S. v. Akulov case was filed within the United States District Court for the District of Kansas.[12] The named defendants are:

  • Pavel Aleksandrovich Akulov (Russian: Павел Александрович Акулов, b. 2 July 1985) is described as a military officer assigned to Military Unit 71330, who held the rank of lieutenant as of 2013. Akulov is described as conducting surveillance and reconnaissance supporting the targeting of the Wolf Creek Generating Station computer network.[12]
  • Mikhail Mikhailovich Gavrilov (Russian: Михаил Михайлович Гаврилов, b. 7 November 1979) is described as a Russian military intelligence officer assigned to Military Unit 71330. He has held the rank of captain and major. He is described as conducting computer intrusions into the computer networks of Wolf Creek and another unnamed entity ("Company 7") used to access energy, utility and critical infrastructure webmail login webpages.[12]
  • Marat Valeryevich Tyukov (Russian: Марат Валерьевич Тюков, b. 17 November 1982) is described as a Russian military intelligence officer assigned to Military Unit 71330. He is alleged to have gained unauthorized access to a server owned by an unnamed entity ("Company One") that was used for command and control infrastructure. He is also accused of tampering with updates to industrial control software which affected power and energy companies globally.[12]

FBI and Department of State designation

The U.S. State Department Rewards for Justice Program is offering $10 million for tips that lead to the apprehension of the four named "Berserk Bear" suspects.

See also

  • 2020 United States federal government data breach
  • Cozy Bear
  • Fancy Bear

References

  a. ^ "Center 16" is the translation contained within the indictments. Elsewhere, the Estonian Foreign Intelligence Service refers to the unit as "16th Centre." See "International Security and Estonia 2019" (PDF). valisluureamet.ee. Estonian Foreign Intelligence Service. pp. 56–60. Archived (PDF) from the original on 9 March 2022. Retrieved 6 April 2022.
  1. ^ a b c Greenberg, Andy. "The Russian Hackers Playing 'Chekhov's Gun' With US Infrastructure". Wired – via www.wired.com.
  2. ^ "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
  3. ^ "Dragonfly 2.0, IRON LIBERTY, DYMALLOY, Berserk Bear, Group G0074 | MITRE ATT&CK®". attack.mitre.org.
  4. ^ a b "Russian state hackers stole data from US government networks". BleepingComputer.
  5. ^ Goodin, Dan (December 7, 2020). "NSA says Russian state hackers are using a VMware flaw to ransack networks". Ars Technica.
  6. ^ a b c d Bowen, Andrew S. (January 4, 2021). Russian Cyber Units (Report). Congressional Research Service. p. 2. Retrieved July 25, 2021.
  7. ^ a b "German intelligence agencies warn of Russian hacking threats to critical infrastructure". CyberScoop. May 26, 2020.
  8. ^ Hvistendahl, Mara; Lee, Micah; Smith, Jordan (December 17, 2020). "Russian Hackers Have Been Inside Austin City Network for Months". The Intercept.
  9. ^ "Austin officials quiet on reports that city network hacked". www.msn.com.
  10. ^ "Indictment" (PDF), United States v. Gladkikh (Court Filing), no. 1:21-cr-00442, Docket 1, D.D.C., 26 Aug 2021, retrieved 5 April 2022 – via Recap (PACER current docket view)
  11. ^ "Russia's FSB malign activity: factsheet". gov.uk. Foreign, Commonwealth & Development Office. 5 April 2022. Retrieved 6 April 2022.
  12. ^ a b c d "Indictment" (PDF), United States v. Akulov, et al. (Court Filing), no. 1:21-cr-20047, Docket 3, D.K.S., 26 Aug 2021, retrieved 5 April 2022 – via Recap (PACER current docket view)
