US issues alert on Russian cyberattacks on energy sector, infrastructure

The U.S. government alerted the energy sector and other industries to an ongoing cyberattack campaign by Russia against American critical infrastructure.

The U.S. Department of Homeland Security's March 15 emergency alert alleged that Russian government-backed hackers since March 2016 have been targeting computer networks of U.S. government entities and critical infrastructure, including nuclear power plants, commercial facilities, and the energy, water, aviation and manufacturing sectors. The warning comes amid new sanctions declared the same day by the Trump administration against five Russian entities and 19 individuals for meddling in the 2016 presidential election and ongoing "destructive cyber-attacks and intrusions targeting critical infrastructure," including the power grid.

The U.S. Treasury Department issued the sanctions just over a week after a defected Russian spy and his daughter were targeted in an assassination attempt with a military-grade nerve agent in the U.K. The British government and NATO allies are holding the Russian government responsible for the chemical weapon attack that also hospitalized a police officer, exposed up to 500 people to the deadly poison and spurred 21 other individuals to seek medical treatment.

The alert by Homeland Security's Computer Emergency Readiness Team outlines techniques and tactics used by the Russian "threat actors" to target victims, including attacks on industrial control systems, spear-phishing emails from compromised legitimate accounts, watering-hole traps of frequently visited third-party websites, credential gathering, host-based exploitation, and open-source software and computer network reconnaissance.

Homeland Security and the FBI said Russia's cyberattack campaign seeks to compromise not only the organizational networks of intended targets but also "peripheral organizations such as trusted third-party suppliers with less secure networks." The hackers use the networks of these "staging targets" as "pivot points and malware repositories when targeting their final intended victims."

Additional information on the "ongoing campaign" was provided in a Sept. 6, 2017, report by Symantec on attacks on the energy sector in North America and Europe by the Russian hacker group known as Dragonfly or Energetic Bear.