xanix
Advanced
- Joined
- 20.10.20
- Messages
- 111
- Reaction score
- 803
- Points
- 93
Foreign government-funded hackers broke into the computer networks of the city of Austin, Texas. As reported by The Intercept, hackers carried out the attack in mid-October of this year and used the network as an infrastructure for cyber attacks. By hacking into Austin's network, criminals could theoretically gain access to confidential information about the police, city government and elections, and even to the water and energy networks.
Information about the hacking of Austin's computer networks, which was not previously reported, was discovered in documents prepared by Microsoft Threat Intelligence Center (MSTIC) specialists, as well as thanks to data from the VirusTotal website. VirusTotal cataloged 97 malware samples that experts noticed were linked to the IP address of Austin city networks.
The list of indicators of compromise accompanied an alert about the Berserk Bear grouping (also known as Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti and Koala) that MSTIC provided to Microsoft's public sector customers in mid-November. The IP address of the Austin City Networks was the only government IP address on the MSTIC list. The rest were owned by cloud hosting providers such as Amazon, DigitalOcean, Microsoft Azure, the German company Hetzner, as well as the Turkish mobile operator Turkcell.
The next day, MSTIC distributed a copy of the same warning, but without the IP address of the Austin city networks. It's possible that Microsoft initially included it as an indicator of hacking by mistake, but malware activity according to VirusTotal makes such a scenario unlikely.
The Austin City Council is believed to have known about the hack since October. On October 9, CISA and the FBI issued a warning about APT targeting state and local governments, later linking the malicious campaign to Berserk Bear. on october 13, the city council held a closed meeting to discuss " confidential information about network security." Two days later, the council again discussed this issue at a meeting.
On December 8, according to a transcript of a city council meeting, the city approved a $ 2.4 million contract for cyber insurance, a product that typically covers losses from data leaks and hacks.
Information about the hacking of Austin's computer networks, which was not previously reported, was discovered in documents prepared by Microsoft Threat Intelligence Center (MSTIC) specialists, as well as thanks to data from the VirusTotal website. VirusTotal cataloged 97 malware samples that experts noticed were linked to the IP address of Austin city networks.
The list of indicators of compromise accompanied an alert about the Berserk Bear grouping (also known as Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti and Koala) that MSTIC provided to Microsoft's public sector customers in mid-November. The IP address of the Austin City Networks was the only government IP address on the MSTIC list. The rest were owned by cloud hosting providers such as Amazon, DigitalOcean, Microsoft Azure, the German company Hetzner, as well as the Turkish mobile operator Turkcell.
The next day, MSTIC distributed a copy of the same warning, but without the IP address of the Austin city networks. It's possible that Microsoft initially included it as an indicator of hacking by mistake, but malware activity according to VirusTotal makes such a scenario unlikely.
The Austin City Council is believed to have known about the hack since October. On October 9, CISA and the FBI issued a warning about APT targeting state and local governments, later linking the malicious campaign to Berserk Bear. on october 13, the city council held a closed meeting to discuss " confidential information about network security." Two days later, the council again discussed this issue at a meeting.
On December 8, according to a transcript of a city council meeting, the city approved a $ 2.4 million contract for cyber insurance, a product that typically covers losses from data leaks and hacks.