The hack, believed to have been carried out by Berserk Bear, has been traced back to mid-October, the news outlet reported, and appears to have been used as a jumping-off point for more attacks. Berserk Bear could be part of Russia’s Federal Security Service, The Intercept said.
This is not the first attack linked back to Austin this year. Hackers tied to another group out of Russia were able to gain access to the U.S. Treasury and Commerce departments by planting malware in a SolarWinds software update. Organizations across the globe use SolarWinds, which is based in Austin, including Fortune 500 companies and multiple U.S. federal agencies.
The Intercept reported that the City of Austin breach was outlined in documents from the Microsoft Threat Intelligence Center and said the city had known about the attacks since Oct. 9, when an alert was sent out. A few days later, city council had a closed meeting to discuss network security.
“While we are aware of this hacking group we cannot provide information about ongoing law enforcement investigations into criminal activity,” a City of Austin spokesperson said in a statement to KXAN Thursday. “The City follows the measures that the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI recommend for local governments.”
KXAN has also reached out to the FBI on this case. While a spokeswoman said she would look into it, she added the agency typically doesn’t confirm or deny investigations.
A city IP address was part of a list of compromise indicators, MSTIC documents showed. Close to 100 malware samples were found to be communicating with the address, according to The Intercept.
The Intercept said malware is still interfering with the city’s network and was reported as recently as this month.
Biden addresses cybersecurity
President-elect Joe Biden said in a statement Thursday he will make cybersecurity one of his top priorities when he makes the transition into office.
“We will elevate cybersecurity as an imperative across the government, further strengthen partnerships with the private sector, and expand our investment in the infrastructure and people we need to defend against malicious cyber attacks,” the statement read.