Hackers have been targeting nuclear, energy, water, aviation and other critical industrial firms since May 2017.
In a rare public announcement, the US government, specifically the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), stated in a report that hackers have been using spear-phishing emails, malicious websites and watering hole attacks to gain access to and infiltrate networks.
According to the DHS, the hackers are attempting to gain access to sensitive information regarding the companies’ organizational design, equipment and “control system capabilities” in order to infiltrate and damage the firms’ networks. The report states that the phishing campaign focuses on two types of targets: staging targets and intended targets. Hackers primarily attack the “staging targets”, which include peripheral and third-party organizations that are tied to the primary organizations and, thus, have networks with less security.
Although the DHS report did not name the companies targeted in these attacks, it noted that hackers have successfully compromised some targeted networks, including conducting reconnaissance on an energy generator’s network.
“DHS reviews this activity as a multi-stage intrusion campaign by hackers targeting small, low-security networks to gain access and move to higher value asset owners within the energy sector. Based on a multitude of factors, the DHS has concluded this campaign is still running, and hackers are pursuing their ultimate goals over a long-term campaign.”
“Working with international partners and the US, the DHS and FBI have identified victims in energy sectors,” the report reads. The report also states that the attacks on the energy sectors have had various results, ranging from cyber espionage to disruption of energy systems in the event of a hostile conflict.
One of the suspects identified by the DHS, FBI and “trusted partners” is the Dragonfly hacker group, whose activity Symantec researchers reported in September as a “new wave of cyber attacks”.
Symantec researchers declared in September: “The Dragonfly group is apparently interested in learning how energy facilities operate and gaining access to operational systems themselves, to the point that the group now has the ability to gain control of these systems or sabotage should it decide to do so.”
According to Reuters, targeted companies of the energy, nuclear and manufacturing sectors were given to certain firms at risk of attack and described a closer set of activities in these sectors. Security firm CrowdStrike, on the other hand, believes the attacks were the work of a group called Berserk Bear, which has previously targeted energy, transportation, and financial firms.
Security experts have warned of an upcoming rise in cyber attacks targeting critical sectors in the US and Europe. However, it remains unclear what prompted the DHS and the FBI to publicly release information regarding the latest cyber attacks on the infrastructure and energy sectors.