U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide
The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond.
"The conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data," the U.S. government said, attributing the attacks to an APT actor known as Energetic Bear.
The Justice Department charged four Russian government employees, including three officers of the Russian Federal Security Service and a computer programmer at the Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), for their roles in carrying out the attacks on oil refineries, nuclear facilities, and energy companies.
The seven-year-long global energy sector campaign is said to have taken advantage of spear-phishing emails, trojanized software updates, and redirects to rogue websites to gain initial access, using it to deploy remote access trojans like Havex on compromised systems.
Also detailed by the security agencies is a 2017 campaign engineered by cyber actors with ties to TsNIIKhM with the goal of manipulating the industrial control systems of an unnamed oil refinery located in the Middle East by leveraging a piece of malware called TRITON. "TRITON was designed to specifically target Schneider Electric's Triconex Tricon safety systems and is capable of disrupting those systems," the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Department of Energy said.
"The potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations essential to sustaining our communities is a reality in today's world," said U.S. Attorney Duston Slinkard for the District of Kansas.
News URL
https://thehackernews.com/2022/03/us-charges-4-russian-govt-employees.html