The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have reported on a Russian state-sponsored cyber actor that has attacked non-federal government and aviation networks.
Various state, local, territorial and tribal government bodies within the U.S. have experienced cyber threats from Russia-based actors identified by the names “Berserk Bear,” “Energetic Bear,” “Crouching Yeti,” “Koala,” “TeamSpy,” “Dragonfly,” and “Havex,” CISA said Thursday.
The attacks may have started in September 2020, with at least two unauthorized data exfiltrations as of Oct. 1. The cyber actor steals credentials to access networks and exfiltrate high-value asset data.
Illicitly accessed information includes critical network passwords, procurement information and standard operating procedures. FBI and CISA have not identified cases of this actor targeting the upcoming U.S. elections, but will continue to monitor for such activity.
The list of internet protocol addresses used by the actor can be found here.