Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
Source: US-CERT: US Computer Emergency Readiness Team
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.
DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).
Read more: https://www.us-cert.gov/ncas/alerts/TA18-074A
This is more serious than anything I've seen before - with many years in US gov't and private industry security.
Get prepared!
pangaia
(24,324 posts)
to, for example, just blow up some of the towers carrying power lines from Niagara Falls.
I mean, anybody could do it.....
IronLionZion
(45,380 posts)
especially in the systems that monitor and alert control centers to take action
https://en.wikipedia.org/wiki/Northeast_blackout_of_2003
pangaia
(24,324 posts)
Seems to me pretty easy to do to so many systems -- ATC, electric grid, elections, automobile factories, FEDEX, Amazon, food chain, ANY CHAIN, airports. It goes on and on...
erronis
(15,181 posts)
You have to wonder how long the Kremlin has had its tentacles into a particular political party that has prevented positive improvements.
Like the Clancy novels, they are happy to dig in deep and wait for the right moment. Let's see, is there a date in history that would be fun to commemorate? How about May 1?
IronLionZion
(45,380 posts)
better to wait patiently for the private sector to fix the infrastructure. I'm sure they'll do it eventually.
RandomAccess
(5,210 posts)
But it scares me too -- in large part because I don't know how Trump will / would / could counter it.
erronis
(15,181 posts)
Maybe dump is not as stupid as he acts. Or maybe they keep him well medicated.
Maggiemayhem
(807 posts)
So the right has been supporting terror.
neohippie
(1,142 posts)
https://www.politico.com/story/2017/06/01/russia-spies-espionage-trump-239003
In the throes of the 2016 campaign, the FBI found itself with an escalating problem: Russian diplomats, whose travel was supposed to be tracked by the State Department, were going missing.
The diplomats, widely assumed to be intelligence operatives, would eventually turn up in odd places, often in middle-of-nowhere USA. One was found on a beach, nowhere near where he was supposed to be. In one particularly bizarre case, relayed by a U.S. intelligence official, another turned up wandering around in the middle of the desert. Interestingly, both seemed to be lingering where underground fiber-optic cables tend to run.
According to another U.S. intelligence official, "They find these guys driving around in circles in Kansas. It's a pretty aggressive effort."
It's a trend that has led intelligence officials to conclude that the Kremlin is waging a quiet effort to map the United States' telecommunications infrastructure, perhaps preparing for an opportunity to disrupt it.
pangaia
(24,324 posts)
flibbitygiblets
(7,220 posts)
Oh fuck, we're all doomed.
TeapotInATempest
(804 posts)
Specifically, information security for the private sector for more than a decade.
How many years have we been sounding the alarm about weaknesses in SCADA/ICS systems?
How many years have we watched Russian hackers develop and monetize their malware while the Russian government trained, rewarded and partnered with them?
How many years have we said that the U.S. was not remotely prepared for a serious attack on our infrastructure?
That the situation we are now finding ourselves in was only a matter of time does not diminish that it is one of my worst nightmares. We had many chances in this country to prevent it and did not. I do not know what we do now.
Ilsa
(61,690 posts)
Iranian hacker groups.
My understanding was that after we targeted Iran's nuclear enrichment program with the help of Israel, Iran called out for its youth and IT people to show their national pride and train and deploy government-targeted hacks against US interests as a warning. That's when several big banks were hacked, along with some critical infrastructure. The Obama Administration let the big banks take their hits and cover their own losses, but supposedly started working harder to protect critical interests.
KY_EnviroGuy
(14,488 posts)
and it's not for a nuclear weapons attack.
Oneironaut
(5,486 posts)
the world, but we can easily be toppled by a cyber attack.
We're stuck in the old model of warfare. Russia doesn't need to bomb us - they just need to collapse the country from within. Of course, the defense industry needs their cash.
bucolic_frolic
(43,044 posts)
it's the type of thing useful for invasion. or for leverage.
i'm baffled.
C Moon
(12,208 posts)
TeapotInATempest
(804 posts)
matt819
(10,749 posts)
They can say they're responding, but there's no way for anyone to confirm this.
Unless we mess with the electrical grid in Russia, or some other obvious attack, this regime can say they're doing magnificent work in responding to these threats/actions - the best hacking, beautiful, believe me - and we'll just never know.
Let's face it, the default reaction to anything announced by this regime is yeah, right. Heck, the reaction by regime supporters is the same, with the difference being that they are fine with that reaction.
So, my rather naive response to this kind of report is, okay, I believe you. Now what are you doing in response?