FBI, DHS Say Russian Hackers Targeting US State and Local Networks

October 23, 2020 Updated: October 23, 2020

Russian hackers have in recent days been attempting to infiltrate U.S. state and local government computer networks, and have successfully stolen data from at least two servers, U.S. government agencies said on Thursday.

In an alert sent out on Thursday, less than two weeks before the U.S. presidential election, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned of the activity by a Russian state-sponsored hacking group, sometimes referred to by researchers as Berserk Bear, Dragonfly, Energetic Bear, TeamSpy, Havex, Crouching Yeti, and Koala.

Dozens of state, local, tribal, and territorial U.S. governments, as well as aviation networks, were targeted by the group, the agencies said in a joint alert.

“Since at least September 2020, a Russian state-sponsored APT [advanced persistent threat] actor … has conducted a campaign against a wide variety of U.S. targets,” the FBI and CISA wrote.

“The Russian state-sponsored APT actor has targeted dozens of SLTT [state, local, territorial, and tribal] government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of Oct. 1, 2020, exfiltrated data from at least two victim servers,” the alert said.

“The Russian-sponsored APT actor is obtaining user and administrator credentials to establish initial access, enable lateral movement once inside the network, and locate high value assets in order to exfiltrate data.”

Those who were targeted are not identified in the advisory by name or location, but the agencies said they had no information to indicate the hackers had intentionally disrupted any elections or government operations.

“However, the actor may be seeking access to obtain future disruption options, to influence U.S. policies and actions, or to delegitimize SLTT government entities,” the alert said.

The alert comes amid heightened concern about hacking ahead of the U.S. presidential election on Nov. 3.

Earlier this year, top U.S. officials said the chief foreign threat to election security is the Chinese Communist Party (CCP).

Attorney General William Barr told CNN on Sept. 2 that he believes the CCP poses the greatest threat, pushing back on largely Democrat claims that the Kremlin is trying to meddle in the election to secure Trump’s reelection.

Attorney General William Barr speaks on Operation Legend, during a press conference in Chicago, Illinois, on Sept. 9, 2020. (Kamil Krzaczynski via Getty Images)

“I believe it’s China,” Barr said at the time. “China more than Russia right now.” But he stressed that he wouldn’t be surprised if Russia or another foreign state actor tries to meddle in the election just as they did during the 2016 election.

Meanwhile, William Evanina, director of the National Counterintelligence and Security Center, which is part of the Office of the Director of National Intelligence, found that China, Russia, and Iran are seeking to undermine the 2020 U.S. elections. Evanina said the Chinese regime is at the top of its list, saying Beijing has escalated its influence efforts to shape U.S. policy, pressure politicians, and tamp down criticism of the CCP.

Jack Phillips and Reuters contributed to this report.