Updated: Russian State-Sponsored APT Actor Compromises U.S. Government Targets

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released an updated Joint Cybersecurity Advisory relating to Russian state-sponsored advanced persistent threat (APT) activity and is being provided to assist cybersecurity professionals in guarding against the persistent malicious actions of cyber actors.

Joint Cybersecurity Advisory: AA20-296A Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets provides information on Russian state-sponsored APT actor activity targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks.

Since at least September 2020, a Russian state-sponsored APT actor—known variously as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala in open-source reporting—has conducted a campaign against a wide variety of U.S. targets. The Russian state-sponsored APT actor has targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers.

An interactive heat map reveals the number and type of entities the Russian APT has targeted in each region. These totals include compromises, scanning, or other reconnaissance activity executed from the Russian APT actor infrastructure.

Recommendations

We encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.