In an advisory warning published last week by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the government notified the public of a sophisticated Russian hacking group called Berserk Bear.
The group allegedly carried out a broad hacking campaign targeting US state, local, and territorial government agencies, as well as several aviation sector organizations. According to the report, hackers breached at least two of the targeted networks. The news is alarming as it points to Russian interference in the 2020 elections, although the scope of the campaign is largely unknown.
Beserk Bear has a history of intrusions on the US and its infrastructure, although it is difficult to determine the threat that the group poses to US national security. Although the group has gained leverage inside global infrastructure ranging from nuclear power plants to electric distribution utilities, the group rarely uses their access to cause disruption.
Therefore the threat actor group has been referred to as Checkhov’s gun, hanging on the wall without ever being fired. Berserk Bear’s ability to gain access to sensitive information yet refrain from launching ransomware, malware, botnets, or Trojans, attacks points to the idea that they may be planning a much bigger, disastrous attack. More at WIRED