Breaking News

Report: Hackers target City of Austin networks

 AUSTIN, Texas — The City of Austin said it is working with federal agencies after reports Russian hackers breached the city’s networks.

According to a report from the Intercept, “state-sponsored hackers believed to be from Russia have breached the city network.” City officials told KVUE they are aware of the hacking group but cannot comment on an ongoing investigation.

The breach is believed to have started in October as part of a series of hacks allegedly carried out by the group Berserk Bear, as reportedly revealed by Microsoft Threat Intelligence Center documents obtained by the Intercept.

According to an October CISA alert, a Russian state-sponsored actor was targeting federal, state, territorial and tribal government networks and aviation networks. CISA urged entities to perform a full password reset and systematically rebuild the network. A statement following the alert named Berserk Bear as the actor, with Texas included in a map of compromised targets.

On Oct. 13, the City Council went into a closed meeting to discuss “confidential network security information.”

"While we are aware of this hacking group we cannot provide information about ongoing law enforcement investigations into criminal activity. The city follows the measures that the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI recommend for local governments," the City told KVUE.

Berserk Bear is separate from another Russian group believed to be behind a data breach at Austin-based SolarWinds.

The SolarWinds server software is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies, which are now scrambling to patch up their networks, according to the Associated Press.

Malware gave the hackers remote access to victims’ networks, and SolarWinds grants “God-mode” access to a network, making everything visible.

Over the weekend, CISA directed all civilian agencies of the federal government to remove SolarWinds from their servers. The cybersecurity agencies of Britain and Ireland issued similar alerts.

Source -

No comments