{"id":96407,"date":"2020-10-27T08:00:14","date_gmt":"2020-10-27T12:00:14","guid":{"rendered":"http:\/\/kendallharmon.net\/?p=96407"},"modified":"2020-10-27T18:02:18","modified_gmt":"2020-10-27T22:02:18","slug":"wired-the-russian-hackers-playing-chekhovs-gun-with-us-infrastructure","status":"publish","type":"post","link":"https:\/\/kendallharmon.net\/?p=96407","title":{"rendered":"(Wired) The Russian Hackers Playing ‘Chekhov’s Gun’ With US Infrastructure"},"content":{"rendered":"

Over the last<\/span> half a decade, Russian state-sponsored hackers have triggered blackouts in Ukraine<\/a>, released history’s most destructive computer worm<\/a>, and stolen and leaked emails from Democratic targets in an effort to help elect Donald Trump<\/a>. In that same stretch, one particular group of Kremlin-controlled hackers has gained a reputation for a very different habit: walking right up to the edge of cybersabotage\u2014sometimes with hands-on-the-switches access to US critical infrastructure\u2014and stopping just short.<\/p>\n

Last week the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published an advisory warning<\/a> that a group known as Berserk Bear\u2014or alternately Energetic Bear, TEMP.Isotope, and Dragonfly\u2014had carried out a broad hacking campaign against US state, local, territorial, and tribal government agencies, as well aviation sector targets. The hackers breached the networks of at least two of those victims. The news of those intrusions, which was reported earlier last week by the news outlet Cyberscoop<\/a>, presents the troubling but unconfirmed possibility that Russia may be laying the groundwork to disrupt the 2020 election with its access to election-adjacent local government IT systems.<\/p>\n

In the context of Berserk Bear’s long history of US intrusions, though, it’s much harder to gauge the actual threat it poses. Since as early as 2012, cybersecurity researchers have been shocked to repeatedly find the group’s fingerprints deep inside infrastructure around the globe, from electric distribution utilities to nuclear power plants. Yet those researchers also say they’ve never seen Berserk Bear use that access to cause disruption. The group is a bit like Chekhov’s gun, hanging on the wall without being fired through all of Act I\u2014and foreshadowing an ominous endgame at a critical moment for US democracy.<\/p>\n

“What makes them unique is the fact that they have been so focused on infrastructure throughout their existence, whether it’s mining, oil, and natural gas in different countries or the grid,” says Vikram Thakur, a researcher at security firm Symantec who has tracked the group over several distinct hacking campaigns since 2013. <\/p>\n

Read it all<\/a>.<\/p>\n

\n

The US gov called out a lot of Russian hackers' cyberattacks in the past week. But most puzzling are the warnings about those who *haven't* attacked. What are we to make of a group that's dug into US infrastructure for years but never pulled the trigger? https:\/\/t.co\/q0hGqDWzl8<\/a><\/p>\n

— Andy Greenberg (@a_greenberg) October 27, 2020<\/a><\/p><\/blockquote>\n