Russian hackers disrupted Ukrainian electrical grid last year

The notorious Russian hacking group known as Sandworm took down a substation that caused a brief outage, according to a new Mandiant report.

The post Russian hackers disrupted Ukrainian electrical grid last year appeared first on CyberScoop.

Russian attacks on Ukrainian infrastructure cause internet outages, cutting off a valuable wartime tool

With its war effort faltering, the Kremlin is stepping up its attacks on Ukrainian power plants, resulting in cascading internet failures.

Wind turbine giant Vestas says data was compromised in security incident

One of the world’s largest wind turbine manufacturers, Vestas Wind Systems, says it’s contending with a cyberattack that forced the firm to shut down some of its IT systems. The Danish company said Monday that it’s investigating the security incident, discovered Nov. 19, and mitigating the impact. Vestas has “together with external partners worked around the clock to contain the situation and re-establish the integrity of its IT systems,” it said in a statement. “The company’s preliminary findings indicate that the incident has impacted parts of Vestas’ internal IT infrastructure and that data has been compromised.” Vestas, long considered an industry leader with a reported $34 billion in market value, watched a dip in stock value as word of the apparent breach spread. “There is no indication that the incident has impacted third party operations, including customer and supply chain operations,” the company’s Monday update states. “Vestas’ manufacturing, construction and service […]

Ukraine exposes expansive Russian hacking operation targeting its government, infrastructure

Ukraine’s top law enforcement agency published a detailed analysis Thursday outing what it says are Russian hackers and “traitors who sided with the enemy” behind a sweeping campaign that began in 2014. The hackers, according to the Security Service of Ukraine, are responsible for more than 5,000 cyberattacks on Ukrainian state entities and critical infrastructure that attempted to “infect” more than 1,500 government computer systems. The report says the Russian intelligence agency the Federal Security Service (FSB) is behind the “Armageddon” group, known more broadly outside Ukrainian borders as Gamaredon or Primitive Bear. It’s distinct from other Russian intelligence and military hacking groups behind attacks on targets around the world, including the infamous hacks of the Democratic National Committee and Hillary Clinton’s campaign ahead of the 2016 elections. Armageddon dates back to 2013 or 2014, the Ukrainian report says, making it “relatively young,” but nevertheless worthy of attention and “able […]

How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic

The U.S. government officials trying to test the country’s ability to respond to a major cyberattack thought they had pulled out all the stops. Engineers had planned to simulate the kind of security incident that would cause an electrical blackout, after all, and had even planned to hold the event on an isolated island off the coast of New York. Even with all that preparation, a once-in-a-century pandemic still wasn’t in the script. Until this year, National Guard personnel, Pentagon contractors and engineers at big U.S. utilities would typically gather in person to run through exercises involving dire scenarios, from a weeks-long power outage to a mock attack on utility computers that appeared to delete data. In October, though, COVID-19 forced planners from the departments of Defense and Energy to figure out how to run the event virtually, with participants plugged in from around the country. And they used the […]

Researchers uncover vulnerabilities in devices used at industrial facilities

For the three Ukrainian power companies that suspected Russian hackers pried their way into in 2015, the pain wasn’t over when the attackers opened the companies’ circuit breakers and sent 225,000 people into darkness. The intruders also planted malicious code on key equipment at power substations, preventing engineers from remotely closing the circuit breakers and slowing the effort to restore power. The way the hackers blinded the Ukrainian power firms to their own operations is still studied by utilities around the world, and security specialists investigating critical electric equipment. A group of researchers at cybersecurity company Trend Micro on Wednesday added important data to those efforts by revealing multiple vulnerabilities in the same types of devices exploited by the Russians five years ago. By making their findings public, researchers are prompting organizations to further scrutinize the little black boxes that serve as translators on key networks. The research covered vendors in France, […]

North American utilities drill ‘GridEx’ brings record turnout — except from supply chain vendors

A November drill involving electric utilities across North America mimicked the disruptive malware used to cut power in Ukraine in 2016, testing operators’ ability to expunge the malicious code from their systems. The fictional scenario, revealed Tuesday in a press briefing on the exercise, saw the malware compromise the industrial control systems that utilities use to manage their operations. An electric equipment vendor helped the utilities replace some of the industrial computers that had been “bricked,” or rendered useless, by the malware. (The code was not actually executed on live systems; it was all simulated.) The intense scenario forced participants to “start implementing their incident response plans” and “really upped the training value for many utilities,” said Matt Duncan, an official at the North American Electric Reliability Corp., the regulator that runs the biennial drill, known as GridEx. It is an example of the greater lengths that many utilities go […]

Why one researcher mimicked Russian hackers in breaking into a European utility

Jason Larsen was tired of hearing about the skills of Russian-linked hackers, particularly those who cut power in parts of Ukraine in 2015 and 2016. These were groundbreaking and worrying attacks, he thought to himself, but giving the attackers too much credit makes defending against them more complicated than it needs to be. So Larsen, a researcher at cybersecurity company IOActive, broke into the substation network of a European electric utility using one of the Russian hackers’ techniques. The first segment of the attack — gaining root access on some firmware — took him 14 hours. He took notes by the hour and shared them with the distribution utility, one of his clients, to improve their defenses. “We’ve embodied them with all of these god-like abilities,” Larsen said of Sandworm, the group said to be responsible for the attacks and which many believe to work on behalf of Russia’s military intelligence agency. The group turned the lights […]

U.S. agrees to help Baltic states bolster grid cybersecurity

The United States on Sunday agreed to work more closely with three Baltic countries to protect their electric sectors from cyberattacks. “We see a crucial role that U.S. could play in assisting the Baltic states with strategic and technical support,” reads the declaration from the U.S. Department of Energy (DOE) and officials from Latvia, Lithuania, and Estonia, according to multiple news outlets. The four countries will establish a platform for sharing cybersecurity expertise over the next six months, the AFP reported. The agreement is a recognition of the need to fortify energy infrastructure that could be a prime target for hackers in the event of geopolitical conflict. Russia’s neighbors are very familiar with that dynamic: Kremlin-linked hackers cut power in parts of Ukraine in 2015 and 2016. The U.S. announcement with Baltic states was short on specifics. Spokespeople for officials in all four governments did not respond to requests for comment. The document […]

Hoarding threat information ‘not a competitive advantage,’ DHS official tells corporate leaders

Companies that view cybersecurity as a competitive advantage and fail to exchange threat data make the broader private sector more vulnerable to hacking, a Department of Homeland Security official has warned. “Cybersecurity, infrastructure security, is not a competitive advantage,” Bradford Willke, a top official in DHS’s Cybersecurity and Infrastructure Security Agency, said Tuesday. If a good product or company fails because of a breach that could have been thwarted by sharing threat information, “there’s something that we’ve all lost,” Willke said at the Public Sector Innovation Summit. By citing reported communication failures elsewhere, DHS officials hope to spur U.S. companies to work more closely with each other to harden their networks against advanced threats. In doing so, the department is trying to overcome historical reluctance in the private sector — fueled by concerns over revealing sensitive corporate information — to share threat data. Willke cited a December 2015 blackout in Ukraine caused by suspected Russian government hackers as a […]
