View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Second Critical Electricity Network Provider Hacked in 8 Weeks

Second electricity market actor to be hit in eight weeks

By CBR Staff Writer

Elexon, an organisation that is central to the balancing and settlement of the UK electricity market has been hit by a cyber attack that has knocked out its internal emails, the second such worrying incident for Europe’s power market in eight weeks, as malware creeps closer to critical national infrastructure.

The incident, reported on Thursday afternoon, crippled its email server in an attack that bears the hallmark of ransomware. Elexon says its “central systems” were unaffected and that it has identified the “root cause”. Its 100+ London staff are unable to send or receive emails from official addresses.

The company was reported as recently as March to have been running an unpatched Pulse Secure VPN server, according to scans by Bad Packets. This is currently among the juiciest of targets for cyber criminals.

As US government agencies warned yesterday, “Malicious cyber actors are increasingly targeting unpatched Virtual Private Network vulnerabilities (including) an arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781 [and] an arbitrary file reading vulnerability in Pulse Secure VPN servers, known as CVE-2019-11510.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Elexon runs the UK’s balancing and settlement code (BSC).

It also compares “much electricity generators and suppliers say they will produce or consume with actual volumes. We then work out a price for the difference and transfer funds. This involves taking 1.25 million meter readings every day and handling £1.5 billion of our customers’ funds each year.”

The incident comes just two months after the organisation responsible for overseeing the operations of Europe’s high voltage power infrastructure was also hit by a malware campaign. ENTSO-E, formed in 2008, represents 42 Transmission System Operators (TSOs) across 35 member states.

The organisation said tersely on March 9 that it had “recently found evidence of a successful cyber intrusion into its office network.”

Neither Elexon not ENTSO-E have publicly published further details of the intrusion, initial vector, or malware type. While successful network segmentation appears to have minimised the impact, market observers will be concerned at ransomware attacks creeping increasingly closer to CNI.

See also: Ransomware is Encrypting Backups Too, Warns NCSC — From Cloud, to USB


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.