An official statement from the Cybersecurity and Infrastructure Security Agency (CISA) placed the group known as Energetic Bear at the center of the breach. The hacks were uncovered following a joint effort by CISA and the Federal Bureau of Investigation (FBI). The agencies noted that the group is also known as Dragonfly, Havex, Team Spy, and Koala, among other aliases.
Election information at stake
The group is believed to have breached US state, local, tribal, and territorial (SLTT) government networks since at least February 2020. The statement adds that some aviation industry players were also targeted. With the US presidential election approaching, CISA and the FBI added that the hackers might have directed malicious activity toward SLTT governments, putting some of the election information on those networks at risk. According to CISA, the group’s activities are being monitored closely to ensure the election infrastructure has not been compromised. The group is accused of obtaining sensitive network configurations and passwords, IT instructions, purchasing information, and printing access badges. CISA noted that the group has yet to cause any disruption to government operations. However, the group reportedly plans to continue with breaches aimed at influencing US policies.