Russia’s GRU hackers hit US government and energy targets

A previously unreported Fancy Bear campaign persisted for well over a year.

The FBI notified organizations in May that Russia’s elite hackers had targeted them. The campaign likely remains ongoing. (credit: Natalia Koleskinova | Getty Images)

worms, blackouts, and—closest to home for Americans—a broad hacking-and-leaking operation designed to influence the outcome of the 2016 US presidential election. Now it appears the GRU has been hitting US networks again, in a series of previously unreported intrusions that targeted organizations ranging from government agencies to critical infrastructure.

From December 2018 until at least May of this year, the GRU hacker group known as APT28 or Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May and obtained by WIRED. According to the FBI, the GRU hackers primarily attempted to break into victims’ mail servers, Microsoft Office 365 and email accounts, and VPN servers. The targets included “a wide range of US-based organizations, state and federal government agencies, and educational institutions,” the FBI notification states. And technical breadcrumbs included in that notice reveal that APT28 hackers have targeted the US energy sector, too, apparently as part of the same effort.

Posted by Web Monkey