DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
2022-03-25 21:25

Researchers have compared Triton's targeting of industrial control systems to malware used in the watershed attacks Stuxnet and Industroyer/Crashoverride, the latter of which is a backdoor that targets ICS and which took down the Ukrainian power grid in Kiev in 2016.

The indictment that names the FSB officers alleges that, between 2012 and 2017, Akulov, Gavrilov, Tyukov and their co-conspirators engaged in computer intrusions, including supply chain attacks, "in furtherance of the Russian government's efforts to maintain surreptitious, unauthorized and persistent access to the computer networks of companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies."

"Access to such systems would have provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing," according to the DOJ's press release.

"After unsuspecting customers downloaded Havex-infected updates, the conspirators would use the malware to, among other things, create backdoors into infected systems and scan victims' networks for additional ICS/SCADA devices," according to the DOJ. The gang allegedly managed to install malware on more than 17,000 unique devices in the United States and abroad, including ICS/SCADA controllers used by power and energy companies.

"Moreover, after establishing an illegal foothold in a particular network, the conspirators typically used that foothold to penetrate further into the network by obtaining access to other computers and networks at the victim entity," according to the DOJ. Dragonfly 2.0 also entailed a watering-hole attack wherein the alleged attackers exploited publicly known vulnerabilities in content management software to compromise servers that hosted websites commonly visited by ICS/SCADA system and other energy sector engineers.

"Energy sector entities should be reviewing their digital footprint and taking action to secure their external-facing assets, especially as the threat of Russian cyberattacks intensifies," he said.
News URL

https://threatpost.com/doj-indicts-russian-govt-employees-over-targeting-power-sector/179108/