Russian hackers have been caught accessing the computer networks of critical U.S. infrastructure.
The FBI warned the public on Aug. 20 that Russian hackers had breached computer systems at manufacturing plants, power grids, water treatment facilities, and other critical infrastructure in the United States.
Hackers tied to Russia’s Federal Security Service were caught by the FBI using cyberattacks to get into computer networks targeting a wide range of critical infrastructure and other organizations in the United States and across the world.
By gaining access to the devices over the past year, the hackers were able to steal configuration files for thousands of networking devices associated with U.S. entities across critical infrastructure sectors, the FBI said.
The hackers also used the unauthorized access to look around and collect intelligence in their victims’ networks, which revealed their interest in protocols and applications in control systems.
Dubbed “Berserk Bear” and “Dragonfly” by the cybersecurity community, the hackers have been targeting two key weaknesses in older or unsecured network devices—Simple Network Management Protocol (SNMP) and Cisco Smart Install—that no longer receive security updates, according to the FBI.
The energy, water, waste, telecommunication, industrial, aviation, and government sectors are more exposed to such risks as they struggle to replace or secure end-of-life equipment in their extensive frameworks.
The FBI and law enforcement also warned the public in 2018 and again in May about the cyber hackers.
In 2018, the federal Cybersecurity and Infrastructure Security Agency encouraged organizations to use detection and prevention guidelines to defend against such malicious activity. Administrators were encouraged to inspect the presence of network traffic flowing to or from unexpected addresses, unexplained activity, and the destruction of log files.
In May, organizations were again urged to review and act immediately to improve their security against cyberattacks specifically targeting operational technology and industrial control systems. The federal government also recommended that entities under attack remove their operational technology connections to the public internet.
