Security News > 2022 > March > U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide
2022-03-25 08:54

The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond.

"The conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data," the U.S. government said, attributing the attacks to an APT actor known as Energetic Bear.

The Justice Department charged four Russian government employees, including three officers of the Russian Federal Security Service and a computer programmer at the Central Scientific Research Institute of Chemistry and Mechanics, for their roles in carrying out the attacks on oil refineries, nuclear facilities, and energy companies.

The seven-year-long global energy sector campaign is said to have taken advantage of spear-phishing emails, trojanized software updates, and redirects to rogue websites to gain initial access, using it to deploy remote access trojans like Havex on compromised systems.

Also detailed by the security agencies is a 2017 campaign engineered by cyber actors with ties to TsNIIKhM with the goal of manipulating the industrial control systems of an unnamed oil refinery located in the Middle East by leveraging a piece of malware called TRITON. "TRITON was designed to specifically target Schneider Electric's Triconex Tricon safety systems and is capable of disrupting those systems," the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Department of Energy said.

"The potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations essential to sustaining our communities is a reality in today's world," said U.S. Attorney Duston Slinkard for the District of Kansas.


News URL

https://thehackernews.com/2022/03/us-charges-4-russian-govt-employees.html