Feds Allege Destructive Russian Hackers Targeted US Oil Refineries

from ars technica

For years, the hackers behind the malware known as Triton or Trisis have stood out as a uniquely dangerous threat to critical infrastructure: a group of digital intruders who attempted to sabotage industrial safety systems, with physical, potentially catastrophic results. Now the US Department of Justice has put a name to one of the hackers in that group—and confirmed the hackers’ targets included a US company that owns multiple oil refineries.

On Thursday, just days after the White House warned of potential cyberattacks on US critical infrastructure by the Russian government in retaliation for new sanctions against the country, the Justice Department unsealed a pair of indictments that together outline a years-long campaign of Russian hacking of US energy facilities. In one set of charges, filed in August 2021, authorities name three officers of Russia’s FSB intelligence agency accused of being members of a notorious hacking group known as Berserk Bear, Dragonfly 2.0, or Havex, known for targeting electrical utilities and other critical infrastructure worldwide, and widely suspected of working in the service of the Russian government.

More here.

Posted in Technology.

2 Comments

  1. US critical infrastructure has been targeted by hackers for over a decade. This is extremely concerning and problematic for all US citizens. If hackers can target security flaws in critical infrastructure in the US, then they can cause infrastructure to malfunction or shut down. This is extremely problematic, since modern American society requires critical infrastructure like electricity to function. If hackers successfully shut down US power plants, then the US economy will shrink significantly, sick people who require the assistance of machines like ventilators will die, and traffic lights will turn off. Hacking critical infrastructure like power plants will destroy modern American society and cause massive disorder. Countries which are adversaries engage in cyber warfare as opposed to traditional warfare, since they can cripple a country without having to send in human troops. Countries can avoid suffering population decreases and avoid the permanent disfigurement of productive young citizens when they avoid engaging in traditional methods of warfare. Cyberwarfare provides countries with an interesting alternative to having boots on the ground. This incentive for a country's enemies to avoid the loss of life and permanent maiming of individuals gives the United States and other countries concern that they may be attacked through cyberwarfare. Cyberwarfare is, unfortunately, a common concern, as companies and governments are attacked every day. In fact, the first successful cyberattack on utilities that caused a massive power outage occurred in 2015 in Ukraine. Ukraine's government experienced a cyberattack in 2017 when it partially lost power. Both attacks were believed to have come from Russia. In 2019, an American electric utility was hacked. While this utility was hacked, there were, fortunately, no widespread outages.
    This hack does indicate that American critical infrastructure is susceptible to cyberwarfare attacks, and it should be a cause for concern. We need to enhance cybersecurity capabilities for electrical utilities, so we can minimize the risk of hackers being successful again and hopefully avoid a widespread shutdown of the US electric grid. The use of cyberwarfare is present in the current Russian invasion of Ukraine, and cyberwarfare will continue to be a tool leveraged more and more in the future as technology evolves. Currently, Russia has shut down Ukrainian banks and Ukrainian government websites, and it is spreading disinformation about its current invasion. These forms of cyberwarfare are just some examples of what can be done to cause disorder in a country during times of war. Ultimately, the US and other countries around the world need to increase their investments in cybersecurity, so they can prevent cyberattacks and develop proactive solutions in preparation for future cyberattacks.

  2. It is not news that horrific events are currently taking place in Ukraine; the conflict has spread much farther than Ukraine, however. The war in Ukraine has turned into a sort of micro-cold war: as tensions in the region have increased, so have tensions between Russia and NATO, and especially the United States. The most prominent effect of the war in regard to this micro-cold war is the sanctions that have been placed on Russia. Russia has faced sanctions from many different European and Western nations, most big corporations have pulled out of Russia, and some have paused business dealings with Russia. However, more than any other sanction, the restrictions placed on oil and natural gas trade have had the most detrimental effects on both sides of the spectrum as well as on the entire global market.
    The effects of this can be seen through the stock market as well as the rising gas prices in both the United States and Europe. The article I read today is entitled "Feds allege destructive Russian hack targeted US oil refineries." Deriving from previous tensions between the two nations, Russia's attacks on the infrastructure of utilities and oil refineries were a direct blow to America's economy and set America up for failure during the Ukrainian invasion. The allegations against the Russian government can be found in the article: "In one set of charges, filed in August 2021, authorities name three officers of Russia's FSB intelligence agency accused of being members of a notorious hacking group known as Berserk Bear, Dragonfly 2.0, or Havex, known for targeting electrical utilities and other critical infrastructure worldwide, and widely suspected of working in the service of the Russian government." (Greenberg).
    This is only one of the known groups of Russian hackers affiliated with the Russian government; a second indictment was filed two months prior, in June: "The second indictment, filed in June 2021, levels charges against a member of an arguably more dangerous team of hackers: a Russian group known variously as the Triton or Trisis actor, Xenotime or Temp.Veles. That second group didn't merely target energy infrastructure worldwide but also took the rare step of inflicting real disruption in the Saudi oil refinery Petro Rabigh in 2017, infecting its networks with potentially destructive malware, and—the indictment alleges for the first time—attempting to break into a US oil-refining company with what appeared to be similar intentions." (Greenberg). Cyberattacks against the United States government are extremely common, especially those coming from Russian intelligence. In recent days these attacks have only worsened, and it just goes to show how volatile the relationship between the United States and Russia truly is.
