The baffling Berserk Bear: a decade’s activity targeting critical infrastructure
We don’t just talk about sharing. We do it every day.https://www.cyberthreatalliance.org/about-cta
Learn how to collaborate with the Cyber Threat Alliance to improve your overall cyber resilience.
We are a greater team when we work together; our collective efforts magnifies our success and
ensures that we are and remain cyber resilient.
Ransomware prevention starts with zerohttps://www.zscaler.com/solutions/security-transformation/ransomware-protection
Ransomware attacks are increasing 500% year-over-year.
Learn how Zscaler's Zero Trust Exchange helps minimize exposure, damage, and risk
at every stage of a ransomware attack.
Calling all Hackers!https://www.ise.io/careers/#op-470256-hacker-midseniorprincipal
We are hiring mid-senior-principal level hackers!
Remote option • Flex schedule • Unlimited vacation • Opportunities for research and publication
Threat Intelligence and Cyber Resiliencehttps://vblocalhost.com/programme/#TIPS
Join the VB2021 Threat Intelligence Practitioners' Summit (TIPS), sponsored by the Cyber Threat Alliance,
and learn how investment in threat intelligence builds cyber resilience, allowing you to be more effective
when addressing today's dynamic threat landscape.
Amazon Information Security - come build the future with us!https://www.amazon.jobs/en-gb/team/infosec
Do you want to work on privacy and security challenges at unprecedented scale?
We have Privacy and Information Security opportunities available now across
the United States, Dublin, Ireland, and Sydney, Australia.
Do you like doing work that matters to you… and really frustrates the bad guys?https://talosintelligence.com/careers
At Talos, our mission is to make the internet a safer place and fight the good fight for our customers
and users. If you think you have the expertise and attitude to help lead the world in cutting-edge security,
we’d like to talk.
QI-ANXIN Technology Group Inc. Leader of New Generation Cybersecurityhttps://ti.qianxin.com/marketing/vb2021/
QI-ANXIN Technology Group Inc. offers next generation enterprise-class cybersecurity products
and services to government and businesses. QI-ANXIN is the Official Cyber Security Services and
Anti-Virus Software Sponsor of the Olympic and Paralympic Winter Games Beijing 2022.
Farsight Security DNSDB® is the world's largest real-time and historical database of DNS resolutionshttps://www.farsightsecurity.com/get-started-guide/
DNSDB 2.0 introduces Flexible Search support, unlocking both Regular Expressions and Globbing syntaxes for more granular and accurate search results. Get your free DNSDB API key and use it in our newly updated
web GUI, DNSDB Scout as well as your own existing environments. Contextualize everything that is DNS related with one API key - DNSDB.
Looking for performance validation for your product?https://www.virusbulletin.com/testing/
Get an edge over your competitors with Virus Bulletin’s anti-malware & email security certification
programmes, supported by 30+ years of experience. Or take advantage of our bespoke testing service
offering valuable performance feedback for R&D. Email [email protected]
VirusTotal: Actionable crowdsourced threat intelligencehttps://www.virustotal.com/
Comprehensive context and cutting-edge functionality to proactively protect from cybersecurity threats.
F5 helps find malware hiding in plain sighthttps://www.f5.com/company/blog/half-the-world-s-malware-is-now-encrypted
Encrypted malware is becoming increasingly common, and daisy-chaining security devices is neither
cost-effective, nor efficient. Detecting and stopping malware doesn’t have to be overwhelming with
F5’s innovative products.
IoT security begins with your Smart TVhttps://chomar.link/smarttv
CHOMAR Smart TV Security.
Protect your Android Smart TV against malicious activities and use your IoT devices without any worries.
Stay ahead of threats with VirusTotalhttps://www.virustotal.com/
Stay ahead of the next generation of threats and get relevant insights to solve
the most critical security challenges.
Berserk thus appears a curious entity: capable of leveraging various sophisticated techniques, such as vendor and supply chain intrusions, to breach some of the most sensitive civilian institutions in Europe and North America, while seemingly doing nothing with such access. Yet such activity for all its lack of direct impact is not benign, and likely does not represent mere information gathering. Rather, Berserk’s actions represent long-term capability and access development designed to prepare for action in the most frightening of environments: outright conflict between Berserk’s sponsors or directors (likely Russian strategic leadership) and various Western interests.
In this paper, we will explore Berserk Bear’s decade of operations, including an overview of technical capabilities and efforts, to understand this enigmatic threat actor. While doing so, we will uncover items previously linked to this group’s activity and also disclose likely physical disruption operations caused by this group accidentally, resulting in significant damage to victim environments. As a result of this discussion, we will not only learn more about a particularly interesting threat actor, we will also discover vital aspects concerning supply chain intrusions, cyber contributions to preparation for kinetic warfare, and what happens when intrusions in cyber-physical environments produce unintended results.
Got a question about this presentation? To get in touch with the speaker, contact Joe on Twitter at @jfslowik or on email at [email protected].
Joe Slowik conducts threat research covering critical and industrial infrastructure. Since 2009, Joe has contributed to a variety of national security and commercial missions from the US Navy to various industrial sectors, while also producing significant research and analysis for general threat intelligence and threat hunting purposes.