Energy Sector Hacking Campaign Continues
Energy Sector Hacking Campaign Continues
The U.S. government has issued a rare technical alert, warning that attackers are continuing to compromise organizations across the energy sector, often by first hacking into less secure business partners and third-party suppliers.
See Also: How to Scale Your Vendor Risk Management Program
The 16-page joint technical alert was issued late Friday by the U.S. Department of Homeland Security and the FBI, which want targeted organizations to better secure their systems and block attacks to help arrest this hacking campaign.
The alert warns that since at least May, "a multistage intrusion campaign by threat actors" continues to target "low security and small networks to gain access and move laterally to networks of major, high-value asset owners within the energy sector."
Initial targets have included firms across the nuclear, water, aviation and critical manufacturing sectors, it says.
Despite this attack campaign having been previously spotted and attack methodologies detailed by security researchers, the U.S. government warns that the attacks have continued unabated.
"Based on malware analysis and observed IOCs, DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign," the DHS-FBI alert warns. The alert includes indicators of compromise, or IOCs, as well as technical details on the tactics, techniques and procedures, or TTPs, used by the APT attackers tied to this campaign.
Attackers are Pivoting
These TTPs continue to include open-source reconnaissance, spear-phishing emails from legitimate but compromised accounts, watering-hole attacks, credential harvesting as well as targeting industrial control systems, the alert warns.
The DHS-FBI alert warns that larger energy sector organizations are suffering intrusions because of poor information security practices on the part of their business partners and third-party suppliers.
"The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks," the alert says, adding that these victims function as the first stage in many attacks. "The threat actor uses the staging targets' networks as pivot points and malware repositories when targeting their final, intended victims. The ultimate objective of the cyber threat actors is to compromise organizational networks."
Critical infrastructure security expert Robert M. Lee says that while the DHS-FBI alert warns of an ongoing and successful "multistage intrusion campaign," it's referring to intrusions as well as attacks.
Comments
Post a Comment