Russian Hackers Breached Texas City in October, Potentially Accessing Sensitive Information

Russian hackers are believed to have gained access to the official network of one of the largest U.S. cities in what may have been a months-long campaign, according to a Thursday report by The Intercept.

News of the potential citywide network breach in Austin, Texas, came in the midst of a reckoning within the U.S. government regarding a wider hacking incident that is believed to have compromised several federal agencies.

Documents obtained from the Microsoft Threat Intelligence Center (MSTIC) show a Russian hacking group known as Berserk Bear gained access to Austin's city network, according to The Intercept's report. A different Russian hacking group known as Cozy Bear is believed to have been behind the cyberattacks targeting federal agencies, according to a report by The Washington Post.

City officials in Austin did not confirm the alleged hack with The Intercept. Newsweek reached out to Mayor Steve Adler's office for comment but did not receive a response in time for publication.

Austin Texas Cyberattack Russian Hackers
Russian hackers are believed to have gained access to the city network in Austin, Texas, according to a Thursday report by The Intercept. iStock/Getty

Recent discussions among city officials and briefs from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) suggest there may have been warning signs about a possible network breach. The Intercept's report points to two Austin City Council meeting agendas in which council members discussed "confidential network security information" in conversations that were not open to the public.

The report also addresses two warnings from CISA and the FBI in October, the first of which sounded the alarm about potential threats directed at government networks on the "federal and state, local, tribal, and territorial" levels. A second warning issued on October 22 warned specifically against a "Russian state-sponsored APT [advanced persistent threat] actor" that the advisory said "conducted a campaign against a wide variety of U.S. targets." The advisory identified Berserk Bear and the other names by which the group is known as the suspected agent.

News of the reported Austin network hack came four days after Reuters reported that SolarWinds, an Austin-based IT company, acknowledged its Orion products were compromised in a separate incident. In a U.S. Securities and Exchange Commission filing on Monday, SolarWinds said it alerted 33,000 customers of the cyberattack and believed fewer than 18,000 customers who downloaded or updated their Orion products between March and June of this year may have been impacted.

SolarWinds' products are used by several federal and state agencies. The list of federal agencies that were impacted by the cyberattack include the Commerce Department, Treasury Department, Department of State, Department of Homeland Security and the Pentagon, according to The New York Times.

Russian leaders denied responsibility for the SolarWinds cyberattack earlier this week.