Feds Allege Destructive Russian Hackers Targeted US Oil Refineries

From Ars Technica

For years, the hackers behind the malware known as Triton or Trisis have stood out as a uniquely dangerous threat to critical infrastructure: a group of digital intruders who attempted to sabotage industrial safety systems, with physical, potentially catastrophic results. Now the US Department of Justice has put a name to one of the hackers in that group—and confirmed the hackers’ targets included a US company that owns multiple oil refineries.

On Thursday, just days after the White House warned of potential cyberattacks on US critical infrastructure by the Russian government in retaliation for new sanctions against the country, the Justice Department unsealed a pair of indictments that together outline a years-long campaign of Russian hacking of US energy facilities. In one set of charges, filed in August 2021, authorities name three officers of Russia’s FSB intelligence agency accused of being members of a notorious hacking group known as Berserk Bear, Dragonfly 2.0, or Havex, known for targeting electrical utilities and other critical infrastructure worldwide, and widely suspected of working in the service of the Russian government.

More here.

Posted in Technology.

One Comment

  1. US critical infrastructure has been targeted by hackers for over a decade. This is extremely concerning and problematic for all US citizens. If hackers can target security flaws in critical infrastructure in the US, then they can cause infrastructure to malfunction or shut down. This is extremely problematic, since modern American society requires critical infrastructure like electricity to function. If hackers successfully shut down US power plants, then the US economy will shrink significantly, sick people who require the assistance of machines like ventilators will die, and traffic lights will turn off. Hacking critical infrastructure like power plants will destroy modern American society and cause massive disorder. Countries which are adversaries engage in cyber warfare as opposed to traditional warfare, since they can cripple a country without having to send in human troops. Countries can avoid suffering population decreases and avoid the permanent disfigurement of productive young citizens when they avoid engaging in traditional methods of warfare. Cyberwarfare provides countries with an interesting alternative to having boots on the ground. This incentive for a country's enemies to avoid the loss of life and permanent maiming of individuals gives the United States and other countries concern that they may be attacked through cyberwarfare. Cyberwarfare is, unfortunately, a common concern, as companies and governments are attacked every day. In fact, the first successful cyber-attack on utilities that caused a massive power outage occurred in 2015 in Ukraine. Ukraine’s government experienced a cyber attack in 2017 when they partially lost power. Both attacks were believed to have come from Russia. In 2019, an American electric utility was hacked. While this utility was hacked, there were, fortunately, no widespread outages.
This hack does indicate that American critical infrastructure is susceptible to cyberwarfare attacks, and should be a cause for concern. We need to enhance cybersecurity capabilities for electrical utilities, so we can minimize the risk of hackers being successful again and hopefully avoid a widespread shutdown of the US electric grid. The use of cyberwarfare is present in the current Russian invasion of Ukraine, and cyberwarfare will continue to be a tool leveraged more and more in the future as technology evolves. Currently, Russia has shut down Ukrainian banks and Ukrainian government websites, and they are spreading disinformation about their current invasion. These forms of cyberwarfare are just some examples of what can be done to cause disorder in a country during a time of war. Ultimately, the US and other countries around the world need to increase their investments in cybersecurity, so they can prevent cyberattacks and develop proactive solutions in preparation for future cyberattacks.
