Fancy Bear snuffles at the US energy sector. US indicts two Chinese hackers. Threats to industrial control systems.


By the CyberWire staff

Fancy Bear shows interest in the US energy sector.

WIRED reports that APT28 (also known as Fancy Bear), a unit of Russia’s GRU military intelligence agency, has been running “a broad hacking campaign against US targets” from December 2018 until at least May 2020. An FBI notification obtained by WIRED stated that the threat actor has been targeting “a wide range of US based organizations, state and federal government agencies, and educational institutions.” The FBI didn’t disclose which entities were targeted, but researchers at Dragos observed that one of APT28’s IP addresses listed in the alert also appeared in a Department of Energy advisory issued earlier this year. That advisory said the IP address had been used to probe login portals belonging to a US energy entity on Christmas Eve last year.

WIRED notes that, while another GRU unit (tracked as “Sandworm”) has historically been very active against the energy sector, APT28 hasn’t previously focused on this area. Dragos’s Joe Slowik told the publication, “Just given what we understand about how APT28 operates and its typical victimology, identifying that group interacting with the US energy sector would…
