Researchers stop Russian attack against Ukrainian energy company


Apr 13, 2022 #"Technology Docking Stations, #Absorbable Modified Polymers Technology, #Advanced Technology Grants Pass, #Aidan'S Professional Technology Services, #Albuquerque Nm Information Technology Recruiters, #Bhd Technology Vr, #Catholic ""Information Technology, #Ceo Comcast Technology, #Computer Technology Electronic, #Current Applications Of Rdna Technology, #Disadvantages Technology Law, #Ferrum Technology Services, #Fundamentals Of Medical Laboratory Technology, #Gmu Department Of Information Technology, #Hornborg Alf Technology Effects, #I'M Done Working In Technology, #James V. Arms Technology, #Jurassic Park Technology Analysis, #Liquidmetal Technology News, #Llc, #Mathey Technology And Engineering, #Medical Technology In 500 Bc, #Musc Library Technology Downloads, #New Jersey Technology Office Space, #Pc Ralley Technology, #Ridge Technology Services, #Technology 3x Reverse Etf, #Technology Abuse Use, #Technology Adoption Three Types, #Technology Advantage Info, #Technology And Improving Menial Jobs, #Technology Classroom Building 311, #Technology Companys In Usa, #Technology Distracting Studying Students, #Technology Enablement White Paper, #Technology Images For Ppt, #Technology Impact On Finance Departments, #Technology In Chennai, #Technology In Greek Translation, #Technology Into History Lesson, #Technology Is Electricity Ted Talks, #Technology Professionals Of British Columbia, #Technology Relatesecuirty Topics, #Technology Studies Emu, #Technology To Prevent Medication Errors, #Technology Want What Ails Look, #Tesla Technology Roadmap, #Veterinary Assisting Vs Veterinary Technology", #Wentworth Institute Of Technology Animation, #What Is Today'S Technology, #With The Arise Of Technology

A Russian attack against a Ukranian energy company has been stopped by security researchers from ESET spol s.r.o and Microsoft Corp. in conjunction with Ukraine’s Governmental Computer Emergency Response Team.

The attack, linked to the Russian government “Sandworm” hacking group, used a new variant of the Industroyer malware dubbed Industroyer2. Industroyer is an infamous malware that was first used in 2015 to target Ukraine’s power supply.

Industryoer2 was used to target high-voltage electrical substations in the country but was not the only form of malware used by Sandworm in its campaign. The hacking gang also used CaddyWiper, Orchshred, Soloshred and Awfulshred malware to try to take down the electricity company. CaddyWiper had been previously used in March to target a Ukrainian bank.

The researchers note that they do not know how the attacks compromised the initial victim nor how they moved from the information technology network to the industrial control system network. The attackers were able to move laterally between different network segments “by creating chains of SSH tunnels.”

The Sandworm hacking group, also known as APT28 and Fancy Bear, has been linked to various hacking incidents, including those that targeted the Pyeongchang Winter Olympics, the 2017 French elections and the NotPetya ransomware attacks. Six members of the gang were indicted by the U.S. Department of Justice in October 2020. The indictment stated that all six were members of Unit 74455 of the Russian Main Intelligence Directorate, a military intelligence agency of the General Staff of the Armed Forces.

Authorities in the U.S. and U.K. warned in July that Sandworm was conducting a campaign of brute-force attacks to gain access to networks and steal data.

“The reported cyberattack on the electricity grid only serves to highlight a long-standing reality — organizations that have substantial gaps in their cyber defense capabilities are operating at risk,” Lorri Janssen-Anessi, director of external cybersecurity assessments at cloud-based cyber defense company BlueVoyant LLC and former senior analyst at the Department of Defense, told SiliconANGLE. “And when the threat landscape changes, as it has now, we become more aware of the vulnerabilities that we have carried for some time.”

The attack highlights that when threat actors attack critical sectors infrastructure, the results could be actual damage and human harm, she added. “Cyber attacks with physical effects are unfortunately becoming a tool in the war arsenal,” she said.

Noting that energy and critical infrastructure have faced attacks in the past, such as the Colonial Pipeline Co. ransomware attack, Janssen-Anessi explained that the energy sector has specific vulnerabilities, such as a complex infrastructure that often involves physical and cyber infrastructure across many countries, suppliers and distributors, the need to run at all times with no downtime and the reality of being a high-profile target.

“The energy industry is already on alert, but must use the current climate to once again take a hard look at its internal and external attack surface,” she warned.

Photo: Pixabay

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

By lita