Berserk Bear (also known as BROMINE, Crouching Yeti, Dragonfly, Dragonfly 2.0, DYMALLOY, Energetic Bear, Ghost Blizzard, Havex, IRON LIBERTY, Koala, or TeamSpy) is a Russian cyber espionage group, sometimes known as an advanced persistent threat.
According to the United States, the group is composed of "FSB hackers," either those directly employed by the FSB or Russian civilian, criminal hackers coerced into contracting as FSB hackers while still freelancing or moonlighting as criminal hackers.
Four accused Berserk Bear participants, three FSB staff and one civilian, have been indicted in the United States and are regarded by the United States Department of Justice as fugitives.
Activities
Berserk Bear specializes in compromising utilities infrastructure, especially that belonging to companies responsible for water or energy distribution.
It has performed these activities in at least Germany and the U.S.
These operations are targeted towards surveillance and technical reconnaissance.
Berserk Bear has also targeted many state, local, and tribal government and aviation networks in the U.S., and as of October 1, 2020, had exfiltrated data from at least two victim servers. In particular, Berserk Bear is believed to have infiltrated the computer network of the city of Austin, Texas, during 2020.
The group is capable of producing its own advanced malware, although it sometimes seeks to mimic other hacking groups and conceal its activities.
Indictments unsealed 2022
In 2021 federal grand juries in the United States indicted three personnel of the Russian Federal Security Service (FSB) and a civilian from the (CNIIHM). These indictments were kept under seal until March 2022, when the United States publicly named the defendants and treated them as fugitives.
Evgeny Gladkikh
Evgeny Gladkikh is accused of targeting network-connected safety equipment with the intent to gain the capability to sabotage it. He was indicted in the U.S. District Court for the District of Columbia.
"Center 16" defendants
The indictment in the case ''United States v. Akulov, et al.'' is focused on members of a team within "Center 16", an FSB component also known as Military Unit 71330.
The British Foreign Office states that the full name of Center 16 is "Radio-Electronic Intelligence by Means of Communication" (TsRRSS).
The ''U.S. v. Akulov'' case was filed within the United States District Court for the District of Kansas. The named defendants are:
* Pavel Aleksandrovich Akulov (b. 2 July 1985) is described as a military officer assigned to Military Unit 71330, who held the rank of lieutenant as of 2013. Akulov is described as conducting surveillance and reconnaissance supporting the targeting of the Wolf Creek Generating Station computer network.
* Mikhail Mikhailovich Gavrilov (b. 7 November 1979) is described as a Russian military intelligence officer assigned to Military Unit 71330. He has held the ranks of captain and major. He is described as conducting computer intrusions into the computer networks of Wolf Creek and another unnamed entity ("Company 7") used to access energy, utility and critical infrastructure webmail login webpages.
* Marat Valeryevich Tyukov (b. 17 November 1982) is described as a Russian military intelligence officer assigned to Military Unit 71330. He is alleged to have gained unauthorized access to a server owned by an unnamed entity ("Company One") that was used for command and control infrastructure. He is also accused of tampering with updates to industrial control software which affected power and energy companies globally.
FBI and Department of State designation
The U.S. State Department Rewards for Justice Program is offering $10 million for tips that lead to the apprehension of the four named "Berserk Bear" suspects.
See also
*2020 United States federal government data breach
*Cozy Bear
*Fancy Bear