Russian Hackers Attacks U.S. Nuclear, Aviation, And Electric Grid

The U.S. Government officials have accused Russian cyber actors of attacking key U.S. Infrastructure across a wide range of industries- aviation, nuclear, the electric grid etc.

The allegations are made in a joint alert issued on March 15 by the Department of Homeland Security and the FBI; the alert says- “Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

The alert points out that the Russian hackers have succeeding in gaining remote access to energy sector networks, which includes a nuclear plant in the U.S. Reporting on the joint alert, Newsweek quotes Energy Secretary Rick Perry’s statement a House committee panel. The Newsweek report says- “Energy Secretary Rick Perry, who was testifying in a House committee panel at the time of the alert, told lawmakers that cyber-attacks were “literally happening thousands of times a day.” He added that “the warfare that goes on in the cyberspace is real, it’s serious, and we must lead the world.”” The report further adds- “However, Perry cautioned that he was “not confident” the federal government had a strategy in place to adequately deal with the ongoing threats.”

At the same time, Newsweek also discusses the opinions of House Energy and Water Appropriations Subcommittee Chairman Mark Simpson, who doesn’t sound too positive about the government’s efforts. Newsweek quotes Mark Simpson as saying-“I’m as worried about cybersecurity as I am nuclear…I think we’re attacking it department-wide, but I’m not sure we’re attacking it government-wide.”

The FBI-DHS alert also mentions the project Dragonfly released by Symantec in 2017 and discussing attacks on the Western energy sector. The alert says- “Analysis by DHS and FBI, resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign.” The alert also discusses who the targets of the Russian hackers are- “This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.””

The joint alert also discusses the tactics, techniques, and procedures (TTPs) used by the cyber actors; these include spear-phishing emails, credential gathering, watering-hole domains, open-source and network reconnaissance, host-based exploitation, and targeting ICS (Industrial Control System) infrastructure.