
Energetic Bear – KNOW Your Threat Actor

This threat actor has hacked nuclear plants and power grids.

Posted by Rajarshi Mitra in Security on Oct 28, 2020

As per KNOW’s threat intel dashboard, Energetic Bear was the most trending threat actor over the last seven days.


Energetic Bear: Who Are They?

Energetic Bear, also known as Crouching Yeti, is a widely known Russian state-sponsored APT (advanced persistent threat) group active since 2010. The group attacks companies across many sectors, with a strong focus on industrial machinery, and also targets the manufacturing, pharmaceutical, construction, education, and information technology sectors.

The group's primary tactics include sending phishing emails carrying malicious documents and compromising a range of servers. Some of the infected servers serve auxiliary purposes, such as hosting tools and logs; others were deliberately compromised for use in watering-hole attacks that reach the group's main targets. Recent reports have found that the group uses publicly available toolsets such as nmap, dirsearch, and sqlmap in its operations.
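Because the tooling named above is commodity software, it tends to leave recognisable traces in ordinary web-server access logs. The following Python script is an added example (not code from the original post or from Netenrich's KNOW) of how a defender might surface two such traces: a default scanner User-Agent banner (the sqlmap and Nmap NSE strings are assumptions based on those tools' public defaults, and the dirsearch marker is likewise an assumption, so tune them to what you actually observe) and a burst of 404 responses from one client, which is the footprint a directory brute-forcer leaves whatever User-Agent it sends. The log lines and thresholds are constructed for illustration.

```python
"""Flag web requests that resemble commodity scanner activity.

Added example, not from the original post. Parses Apache/Nginx combined-format
access log lines (assumed to be in chronological order) and raises alerts for
scanner User-Agent banners and for bursts of 404s from a single client.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip - user [time] "method path proto" status size "referrer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed default User-Agent fragments (matched case-insensitively). The sqlmap and
# Nmap NSE banners follow those tools' public defaults; dirsearch is an assumption.
SCANNER_UA_MARKERS = ("sqlmap", "nmap scripting engine", "dirsearch")

# Illustrative threshold: this many 404s from one client inside the window is a burst.
NOT_FOUND_THRESHOLD = 5
WINDOW_SECONDS = 60

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Oct/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.23 - - [20/Oct/2020:10:00:05 +0000] "GET /login.php?id=1 HTTP/1.1" 500 0 "-" "sqlmap/1.4.10#stable (http://sqlmap.org)"',
    '192.0.2.9 - - [20/Oct/2020:10:01:00 +0000] "GET /admin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [20/Oct/2020:10:01:02 +0000] "GET /backup/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [20/Oct/2020:10:01:04 +0000] "GET /old/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [20/Oct/2020:10:01:06 +0000] "GET /test/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [20/Oct/2020:10:01:08 +0000] "GET /dev/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Oct/2020:10:02:00 +0000] "GET /about HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    'this line is not in combined log format and is skipped',
]


def parse_line(line):
    """Return a dict of fields for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect(lines):
    """Return a sorted list of (ip, reason) alerts, one per client per reason."""
    alerts = set()
    not_found = defaultdict(list)  # ip -> timestamps of recent 404s
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # tolerate malformed lines rather than abort the whole scan
        ua = rec["ua"].lower()
        if any(marker in ua for marker in SCANNER_UA_MARKERS):
            alerts.add((rec["ip"], "scanner user-agent: " + rec["ua"]))
        if rec["status"] == 404:
            times = not_found[rec["ip"]]
            times.append(rec["ts"])
            # Keep only 404s inside the sliding window ending at this request.
            cutoff = rec["ts"] - timedelta(seconds=WINDOW_SECONDS)
            times[:] = [t for t in times if t >= cutoff]
            if len(times) >= NOT_FOUND_THRESHOLD:
                alerts.add((rec["ip"], "404 burst: %d misses within %ds"
                            % (NOT_FOUND_THRESHOLD, WINDOW_SECONDS)))
    return sorted(alerts)


if __name__ == "__main__":
    for ip, reason in detect(SAMPLE_LOG):
        print(ip, reason)
```

On the constructed sample this flags 198.51.100.23 for its sqlmap banner and 192.0.2.9 for five 404s inside a minute, while the single 404 from 203.0.113.7 stays below the threshold. In production, the User-Agent check alone is weak (the banner is trivially changed), so the rate-based rule is the one worth keeping and tuning per site.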

Why Is Energetic Bear Trending?

Cybersecurity officials have noticed a growing number of Russian state hackers crawling around American state and local government computer systems just two months before the latest elections. While this act isn’t unprecedented, Energetic Bear’s involvement has gotten everyone worried.

Over the past five years, Energetic Bear has breached power grids, water treatment facilities, nuclear power plants (including one in Kansas), and the Wi-Fi systems at San Francisco International Airport, among other targets.

Thoughts From Twitter

@nicoleperlroth

BREAKING: U.S. administration officials have been watching Russia’s FSB penetrate state and local systems in recent weeks and believe they have pieced together Russia’s plans for election interference.

@OlgaNYC1211

Russian state hackers Energetic Bear have exfiltrated data from at least 2 servers this month. Where was this news yesterday, @DNI_Ratcliffe @TheJusticeDept? Why are Americans being kept in the dark about ongoing attacks?

@JenGriffinFNC

Since at least September 2020, a Russian state-sponsored actor, known variously as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala, has conducted a campaign against a wide variety of US targets.

Energetic Bear References On KNOW

  • Total references detected: 3,000
  • References in the last 60 days: 231
  • Previous 7 days references: 134

Energetic Bear Context From KNOW

  • Hashes: 7
  • Industries: Aerospace & Defense, Industrials, Energy & Natural Resources, Finance, Banking, and Electronics.
  • Related vulnerabilities: 12
  • Malware: ClientX, Havex, SysMain RAT, Ddex, and Karagany.
  • Intrusion methods: Sniffer, Keylogger, Phishing, Data Breach, Security Breach, Data Exfiltration, Spam, and 15 more.
  • Most recent sandbox sighting: Any Run Sandbox result for DeviceReactivationb0c.bin.zip

How Can KNOW Help Me Gain More Context on Energetic Bear?

KNOW is Netenrich’s Threat Intel Platform that continually extracts information from billions of data points. It also correlates relevant intel and expert analyst insights to help you follow, search, and take action—in a fraction of the time it takes now.

Want to KNOW how this works behind the scenes? Check out this article.

Empower your SecOps team to access critical threat context that covers known associations with IOCs. You can directly copy or export lists to update firewalls, discover domains linked to significant threats, uncover new IPs to blacklist, see what industries are being targeted, and much more.

The best part? You get all of this completely free.

So, what are you waiting for?

Sign me up for KNOW!


By the way, do you want to know more about the rise of cybercrime as we head into the 2020 U.S. elections? In that case, check out what our CISO Brandon Hoffman has to say about it as part of our National Cyber Security Awareness Month series.

Interesting. I want to check it out.

About Author

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat, catching up on the latest Netflix docu-series... or watching Harry Potter for the 5781241516th time.