
Berserk Bear (aka Crouching Yeti, Dragonfly, Dragonfly 2.0, DYMALLOY, Energetic Bear, Havex, IRON LIBERTY, Koala, or TeamSpy) is a Russian cyber espionage group, sometimes known as an advanced persistent threat. According to the United States, the group is composed of "FSB hackers," either those directly employed by the FSB or Russian civilian, criminal hackers coerced into contracting as FSB hackers while still freelancing or moonlighting as criminal hackers. Four accused Berserk Bear participants, three FSB staff and one civilian, have been indicted in the United States and are regarded by the United States Department of Justice as fugitives.


Activities

Berserk Bear specializes in compromising utilities infrastructure, especially that belonging to companies responsible for water or energy distribution. It has performed these activities in at least Germany and the U.S. These operations are targeted towards surveillance and technical reconnaissance. Berserk Bear has also targeted many state, local, and tribal government and aviation networks in the U.S., and as of October 1, 2020, had exfiltrated data from at least two victim servers. In particular, Berserk Bear is believed to have infiltrated the computer network of the city of Austin, Texas, during 2020. The group is capable of producing its own advanced malware, although it sometimes seeks to mimic other hacking groups and conceal its activities.


Indictments unsealed 2022

In 2021, federal grand juries in the United States indicted three personnel of the Russian Federal Security Service (FSB) and a civilian from the Central Research Institute of Chemistry and Mechanics (CNIIHM). These indictments were kept under seal until March 2022, when the United States publicly named the defendants and treated them as fugitives.


Evgeny Gladkikh

Evgeny Gladkikh (Russian: Евгений Гладких) is accused of targeting network-connected safety equipment with the intent to gain the capability to sabotage it. He was indicted in the U.S. District Court for the District of Columbia.


"Center 16" defendants

The indictment in the case United States v. Akulov, et al. is focused on members of a team within "Center 16" (Russian: 16-й Центр), an FSB component also known as Military Unit 71330 (Russian: Войсковая часть В/Ч 71330). The British Foreign Office states that the full name of Center 16 is "Radio-Electronic Intelligence by Means of Communication" (TsRRSS; Russian: Центр радиоэлектронной разведки на средствах связи, ЦРРСС). The U.S. v. Akulov case was filed within the United States District Court for the District of Kansas. The named defendants are:

* Pavel Aleksandrovich Akulov (Russian: Павел Александрович Акулов, b. 2 July 1985) is described as a military officer assigned to Military Unit 71330, who held the rank of lieutenant as of 2013. Akulov is described as conducting surveillance and reconnaissance supporting the targeting of the Wolf Creek Generating Station computer network.
* Mikhail Mikhailovich Gavrilov (Russian: Михаил Михайлович Гаврилов, b. 7 November 1979) is described as a Russian military intelligence officer assigned to Military Unit 71330. He has held the rank of captain and major. He is described as conducting computer intrusions into the computer networks of Wolf Creek and another unnamed entity ("Company 7") used to access energy, utility and critical infrastructure webmail login webpages.
* Marat Valeryevich Tyukov (Russian: Марат Валерьевич Тюков, b. 17 November 1982) is described as a Russian military intelligence officer assigned to Military Unit 71330. He is alleged to have gained unauthorized access to a server owned by an unnamed entity ("Company One") that was used for command and control infrastructure. He is also accused of tampering with updates to industrial control software which affected power and energy companies globally.


FBI and Department of State designation

The U.S. State Department Rewards for Justice Program is offering $10 million for tips that lead to the apprehension of the four named "Berserk Bear" suspects.


See also

* 2020 United States federal government data breach
* Cozy Bear
* Fancy Bear

