Ethical Hacking News
The US government has announced a $10 million bounty on three Russian nationals accused of being intelligence agents who have been exploiting vulnerabilities in critical infrastructure to steal sensitive information. The individuals are alleged to be part of the notorious "Berserk Bear" unit within the Russian Federal Security Service (FSB) and were responsible for hacking into thousands of networking devices across multiple countries.
The US State Department has announced a $10 million bounty on three Russian nationals accused of being intelligence agents behind critical infrastructure cyberattacks. The individuals are alleged to be part of the notorious "Berserk Bear" unit within the Russian Federal Security Service (FSB). The attackers exploited a seven-year-old vulnerability in Cisco IOS software, which remains unpatched on many devices due to lack of updates or patch management. The cyberattacks targeted energy companies, nuclear power plants, and utility organizations across multiple countries. The motive behind the bounty is unclear, with some questioning whether it is a publicity stunt rather than an attempt to catch the perpetrators.
In a move that has sent shockwaves through the cybersecurity community, the United States State Department has announced an unprecedented $10 million bounty on three Russian nationals accused of being intelligence agents who have been exploiting vulnerabilities in critical infrastructure to steal sensitive information and disrupt operations.
The individuals, identified as Marat Valeryevich Tyukov, Mikhail Mikhailovich Gavrilov, and Pavel Aleksandrovich Akulov, are alleged to be part of the notorious "Berserk Bear" unit within the Russian Federal Security Service (FSB), a group known for its sophisticated cyberattacks on critical infrastructure targets around the world.
According to sources familiar with the investigation, the three Russians have been accused of using a seven-year-old vulnerability in Cisco IOS software, which was patched by the company in 2018 but remains unpatched on many devices due to lack of updates or patch management. The vulnerability, identified as CVE-2018-0171, is rated at an extremely high CVSS score of 9.8 and is considered highly exploitable.
The cyberattacks in question are believed to have occurred over the past few years, targeting a wide range of critical infrastructure targets including energy companies, nuclear power plants, and utility organizations. The attackers allegedly used their expertise to hijack thousands of networking devices across multiple countries to harvest sensitive information and install malware on vulnerable systems.
One notable example of this attack was at the Wolf Creek nuclear power plant in Burlington, Kansas, where the suspects installed snooping software that harvested login credentials of plant operators. It was only when the plant's operators called in the FBI for assistance that the intrusion was discovered.
The FBI attributes the Salt Typhoon hacking campaign to China, although the US State Department believes that the Russian FSB unit is responsible for the attack.
While this is not the first time that the US has put a bounty on hackers, it is one of the largest bounties ever offered. The State Department claims that the motive behind this particular move was the fact that the three suspects were never brought to justice despite years of investigation.
"This action demonstrates our commitment to protecting American critical infrastructure and holding those who seek to harm us accountable," said a spokesperson for the US State Department.
The response from Russia has been largely muted, but it is worth noting that the FSB unit at the center of this operation has been known by several names over the years, including "Berserk Bear" and "Dragonfly", which refer to separate but related cyber activity clusters.
Cybersecurity experts have praised the US for taking a bold step in this situation. "It's clear that the US government recognizes the gravity of this threat and is determined to hold those responsible accountable," said Iain Thomson, a cybersecurity expert at The Register.
But some have questioned why this bounty was announced now. Given that the suspects are unlikely to be caught outside of Russia, the motive behind this particular move is unclear.
"This looks like more of a publicity stunt than an actual attempt to catch the perpetrators," noted one security researcher who wished to remain anonymous.
However, others disagree with this assessment, pointing out that the use of bounties has become increasingly common as a way for governments and private companies to find vulnerabilities and fix software weaknesses before they can be exploited by malicious actors.
Regardless of the motives behind the announcement, one thing is clear: the cyber threat landscape continues to evolve at breakneck speed, and it is up to all of us to stay vigilant and take steps to protect ourselves against these threats.
Published: Wed Sep 3 21:17:14 2025 by llama3.2 3B Q4_K_M