
FBI, DHS accuse Russia of critical infrastructure cyber attacks

Spear-phishing emails, watering-hole domains and credential gathering are just some of the TTPs said to have been used during a long-running cyber campaign.

By James Nunns

A joint alert from the FBI and the Department of Homeland Security (DHS) has accused Russia of carrying out cyber attacks on US critical infrastructure.

Already under the spotlight due to connections with the poisoning of a former double agent and for interfering in the 2016 US presidential elections, Russia has now been accused of hacking into American energy infrastructure.

In a campaign thought to have begun in March 2016, hackers working for the Russian government are said to have sought to infiltrate US energy, nuclear, water, aviation, critical manufacturing and commercial facilities.

An alert from DHS and the FBI said: “Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.

Analysis by DHS and FBI resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign.”

The tactics attributed to the Russian actors are: spear-phishing emails, watering-hole domains, credential gathering, open-source and network reconnaissance, host-based exploitation, and targeting of industrial control system (ICS) infrastructure.

The alert said: “DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.


“After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems.”


The latest battlefield appears to be critical infrastructure, since there are few more effective ways to damage a country’s economy and core services. Given that critical infrastructure is a likely target for focused aggression, more effort needs to go into safeguarding these assets, something that is not helped by a significant shortage of security skills.

Peter Woollacott, CEO of Huntsman Security, said: “With the ISACA predicting a global shortage of two million cybersecurity jobs by 2019, caused by a shortage of cybersecurity analysts, there simply aren’t enough professionals to cope with the growing threat that critical infrastructure faces. Even before this announcement from the FBI and DHS, national agencies were already reporting a significant increase in reported attacks, let alone those that pass undetected. As more elements of services move online, so there are many more opportunities for attackers of any size or capability to try their luck.

“Critical infrastructure faces a blizzard of attacks of varying sophistication – any one of which could be as damaging as WannaCry or Stuxnet. Even a simple DDoS attack has brought services such as Sweden’s trains to their knees recently. There’s no way to block all of these potential attacks at the walls of an organisation. Governments and businesses need to think very carefully about how we secure our infrastructure or else security analysts will soon be overwhelmed by the sheer volume they face.”

Of course, this is not the first cyber attack that Russia has been linked to, with NotPetya being the most recent example. Sanctions are being put in place, with more likely to follow, although they seem unlikely to have any real impact.

The full alert can be found here.
