“New computer screenshots released by the Department of Homeland Security on Thursday made clear that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants.” Nicole Perlroth and David Sanger in the NYT: Cyberattacks Put Russian Fingers on the Switch at Power Plants. “The Trump administration accused Russia on Thursday of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will. United States officials and private security firms saw the attacks as a signal by Moscow that it could disrupt the West’s critical facilities in the event of a conflict. They said the strikes accelerated in late 2015, at the same time the Russian interference in the American election was underway. The attackers had compromised some operators in North America and Europe by spring 2017, after President Trump was inaugurated. In the following months, according to a Department of Homeland Security report issued on Thursday, Russian hackers made their way to machines with access to critical control systems at power plants that were not identified. The hackers never went so far as to sabotage or shut down the computer systems that guide the operations of the plants. Still, new computer screenshots released by the Department of Homeland Security on Thursday made clear that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants. “We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, a digital security firm. “From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation,” Mr. Chien said. American intelligence agencies were aware of the attacks for the past year and a half, and the Department of Homeland Security and the F.B.I. first issued urgent warnings to utility companies in June. On Thursday, both agencies offered new details as the Trump administration imposed sanctions against Russian individuals and organizations it accused of election meddling and “malicious cyberattacks.”
- See also CERT Alert (TA18-074A) – Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Original release date: March 15, 2018 | Last revised: March 16, 2018. “This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS)…”
Sorry, comments are closed for this post.