Sponsored Links

Russian state hackers appear to have breached a federal agency

Officials haven't confirmed the perpetrators.
BERLIN, GERMANY - MARCH 01:  In this photo illustration artwork found on the Internet showing Fancy Bear is seen on the computer of the photographer during a session in the plenary hall of the Bundestag, the German parliament, on March 1, 2018 in Berlin, Germany. German authorities announced yesterday that administrative computers of the German government, including those of government ministries and parliament, had been infiltrated with malware. Authorities said they suspect the Russian hacker group APT28, also known as Fancy Bear.  (Photo by Sean Gallup/Getty Images)
Sean Gallup/Getty Images
Jon Fingas
Jon Fingas|@jonfingas|October 3, 2020 5:33 PM

Russia’s 2020 hacking campaigns might have included a successful data breach at the US government. In the wake of a CISA notice warning of a cyberattack on an unnamed federal agency’s network, Wired and security company Dragos have obtained evidence suggesting Russia’s state-backed APT28 group, better known as Fancy Bear, was behind the hack.

The FBI reportedly sent alerts to some hacking victims in May warning that Fancy Bear was widely targeting US networks, including an IP address mentioned in the recent cyberattack notice. There was also “infrastructure overlap” and behavior patterns pointing to the Russian group, Dragos’ Joe Slowik said. Some of the IP addresses match criminal operations, but Slowik believed Fancy Bear might be reusing criminal tech to help cover its trail.

Security expert Costin Raiu added that an apparent copy of the malware uploaded to a research reposityory also appeared to be a unique combination of existing hacking tools that had no obvious connections to known hacking teams. While that doesn’t definitively link the malware to Fancy Bear, it suggests the attack was relatively sophisticated.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

The intruders used compromised logins to plant malware and get “persistent” access to systems on the agency’s network, using that to steal files.

US officials haven’t responded to requests for comment.

While it wouldn’t be shocking if Russia was behind the breach, it would still be worrying. It would indicate that Russia was not only launching an assault on US government systems, but managed to grab substantial data. It’s just a question of whether or not the damage was severe enough to significantly hamper operations.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Russian state hackers appear to have breached a federal agency