As per KNOW’s threat intel dashboard, Energetic Bear was the most trending threat actor over the last seven days.
Energetic Bear: Who Are They?
Energetic Bear, also known as Crouching Yeti, is a widely known Russian state-sponsored APT (advanced persistent threat) group active since 2010. The group tends to attack a range of companies, with a strong focus on industrial machinery. It also targets manufacturing, pharmaceutical, construction, education, and information technology organizations.
The group’s primary tactics include sending phishing emails with malicious documents and infecting various servers. Some of the infected servers are used for auxiliary purposes, such as hosting tools and logs. Others were deliberately infected for use in watering-hole attacks to reach the group’s main targets. Recent reports have found that the group uses publicly available toolsets such as nmap, dirsearch, and sqlmap in its operations.
Why Is Energetic Bear Trending?
Cybersecurity officials have noticed a growing number of Russian state hackers crawling around American state and local government computer systems just two months before the latest elections. While this act isn’t unprecedented, Energetic Bear’s involvement has gotten everyone worried.
Over the previous five years, Energetic Bear has breached power grids, water treatment facilities, nuclear power plants (including one in Kansas), and Wi-Fi systems at San Francisco International Airport, among other targets.
Thoughts From Twitter
BREAKING: U.S. administration officials have been watching Russia’s FSB penetrate state and local systems in recent weeks and believe they have pieced together Russia’s plans for election interference.
Russian state hackers Energetic Bear have exfiltrated data from at least 2 servers this month. Where was this news yesterday, @DNI_Ratcliffe @TheJusticeDept? Why are Americans being kept in the dark about ongoing attacks?
Since at least September 2020, a Russian state-sponsored actor, known variously as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala, has conducted a campaign against a wide variety of US targets.
Energetic Bear References On KNOW
- Total references detected: 3,000
- References in the last 60 days: 231
- References in the previous 7 days: 134
Energetic Bear Context From KNOW
- Hashes: 7
- Industries: Aerospace & Defense, Industrials, Energy & Natural Resources, Finance, Banking, and Electronics.
- Related vulnerabilities: 12
- Malware: ClientX, Havex, SysMain RAT, Ddex, and Karagany.
- Intrusion methods: Sniffer, Keylogger, Phishing, Data Breach, Security Breach, Data Exfiltration, Spam, and 15 more.
- Most recent sandbox sighting: Any Run Sandbox result for DeviceReactivationb0c.bin.zip
How Can KNOW Help Me Gain More Context on Energetic Bear?
KNOW is Netenrich’s Threat Intel Platform that continually extracts information from billions of data points. It also correlates relevant intel and expert analyst insights to help you follow, search, and take action—in a fraction of the time it takes now.
Want to KNOW how this works behind the scenes? Check out this article.
Empower your SecOps team to access critical threat context that covers known associations with IOCs. You can directly copy or export lists to update firewalls, discover domains linked to significant threats, uncover new IPs to blacklist, see what industries are being targeted, and much more.
The best part? You will get all this for completely free.
So, what are you waiting for? Sign me up for KNOW!
By the way, do you want to know more about the rise of cybercrime as we head into the 2020 U.S. elections? In that case, check out what our CISO Brandon Hoffman has to say about it as part of our National Cyber Security Awareness Month series. Interesting. I want to check it out.