
Thu Mar 15, 2018, 11:48 AM

Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

Source: US-CERT: US Computer Emergency Readiness Team

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

Read more: https://www.us-cert.gov/ncas/alerts/TA18-074A



This is more serious than anything I've seen before - with many years in US gov't and private industry security.

Get prepared!

Replies to this discussion thread
19 replies (Author, Time, Post)
Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors (Original post)
erronis Mar 2018 OP
pangaia Mar 2018 #1
IronLionZion Mar 2018 #3
pangaia Mar 2018 #5
erronis Mar 2018 #7
IronLionZion Mar 2018 #9
RandomAccess Mar 2018 #2
erronis Mar 2018 #4
Maggiemayhem Mar 2018 #6
neohippie Mar 2018 #8
pangaia Mar 2018 #10
flibbitygiblets Mar 2018 #11
TeapotInATempest Mar 2018 #12
Ilsa Mar 2018 #15
KY_EnviroGuy Mar 2018 #19
Oneironaut Mar 2018 #13
bucolic_frolic Mar 2018 #14
C Moon Mar 2018 #16
TeapotInATempest Mar 2018 #17
matt819 Mar 2018 #18

Response to erronis (Original post)

Thu Mar 15, 2018, 11:58 AM

1. It occurred to me years ago how easy it would be

to, for example, just blow up some of the towers carrying power lines from Niagara Falls.
I mean, anybody could do it.....



Response to pangaia (Reply #1)

Thu Mar 15, 2018, 12:06 PM

3. There are definitely a lot of vulnerability points all over our grid

especially in the systems that monitor and alert control centers to take action

https://en.wikipedia.org/wiki/Northeast_blackout_of_2003



Response to IronLionZion (Reply #3)

Thu Mar 15, 2018, 12:12 PM

5. Exactly..

Seems to me pretty easy to do to so many systems-- ATC, electric grid, elections, automobile factories, FEDEX, Amazon, food chain, ANY CHAIN, airports. It goes on and on...



Response to IronLionZion (Reply #3)

Thu Mar 15, 2018, 12:29 PM

7. Fortunately, we've been spending a lot of money improving our infrastructure

You have to wonder how long the Kremlin has had its tentacles into a particular political party that has prevented positive improvements.

Like the Clancy novels, they are happy to dig in deep and wait for the right moment. Let's see, is there a date in history that would be fun to commemorate? How about May 1?



Response to erronis (Reply #7)

Thu Mar 15, 2018, 12:33 PM

9. That would be socialism

better to wait patiently for the private sector to fix the infrastructure. I'm sure they'll do it eventually.



Response to erronis (Original post)

Thu Mar 15, 2018, 12:05 PM

2. This isn't the first time, unfortunately.

But it scares me too -- in large part because I don't know how Trump will / would / could counter it.



Response to RandomAccess (Reply #2)

Thu Mar 15, 2018, 12:10 PM

4. Like a Clancy novel - the enemy has installed a mole at the top of the US gov't

Maybe dump is not as stupid as he acts. Or maybe they keep him well medicated.



Response to erronis (Original post)

Thu Mar 15, 2018, 12:16 PM

6. Wasn't this what Homeland Security was worried about from terrorist organizations?

So the right has been supporting terror.



Response to erronis (Original post)

Thu Mar 15, 2018, 12:32 PM

8. Remember this story



https://www.politico.com/story/2017/06/01/russia-spies-espionage-trump-239003


In the throes of the 2016 campaign, the FBI found itself with an escalating problem: Russian diplomats, whose travel was supposed to be tracked by the State Department, were going missing.

The diplomats, widely assumed to be intelligence operatives, would eventually turn up in odd places, often in middle-of-nowhere USA. One was found on a beach, nowhere near where he was supposed to be. In one particularly bizarre case, relayed by a U.S. intelligence official, another turned up wandering around in the middle of the desert. Interestingly, both seemed to be lingering where underground fiber-optic cables tend to run.

According to another U.S. intelligence official, “They find these guys driving around in circles in Kansas. It’s a pretty aggressive effort.”

It’s a trend that has led intelligence officials to conclude that the Kremlin is waging a quiet effort to map the United States’ telecommunications infrastructure, perhaps preparing for an opportunity to disrupt it.



Response to erronis (Original post)

Thu Mar 15, 2018, 12:35 PM

10. Where is Lisbeth Salander when we need her?



Response to erronis (Original post)

Thu Mar 15, 2018, 12:55 PM

11. Fortunately we have crackerjack Energy Sec Rick Perry to save us

Oh fuck, we're all doomed.



Response to erronis (Original post)

Thu Mar 15, 2018, 01:06 PM

12. Like you, I have experience in security

Specifically, information security for the private sector for more than a decade.

How many years have we been sounding the alarm about weaknesses in SCADA/ICS systems?

How many years have we watched Russian hackers develop and monetize their malware while the Russian government trained, rewarded and partnered with them?

How many years have we said that the U.S. was not remotely prepared for a serious attack on our infrastructure?

That the situation we are now finding ourselves in was only a matter of time does not diminish that it is one of my worst nightmares. We had many chances in this country to prevent it and did not. I do not know what we do now.



Response to TeapotInATempest (Reply #12)

Thu Mar 15, 2018, 01:57 PM

15. And for all we know, they could be partnering or instructing

Iranian hacker groups.

My understanding was that after we targeted Iran's nuclear enrichment program with the help of Israel, Iran called out for its youth and IT people to show their national pride and train and deploy government-targeted hacks against US interests as a warning. That's when several big banks were hacked, along with some critical infrastructure. The Obama Administration let the big banks take their hits and cover their own losses, but supposedly started working harder to protect critical interests.



Response to TeapotInATempest (Reply #12)

Thu Mar 15, 2018, 04:30 PM

19. I suspect Putin has a big red button on his desk...

and it's not for a nuclear weapons attack.




Response to erronis (Original post)

Thu Mar 15, 2018, 01:47 PM

13. It's a special absurdity that we buy trillions of dollars of war assets, and have the best army in

the world, but we can easily be toppled by a cyber attack.

We’re stuck in the old model of warfare. Russia doesn’t need to bomb us - they just need to collapse the country from within. Of course, the defense industry needs their cash.



Response to erronis (Original post)

Thu Mar 15, 2018, 01:50 PM

14. Where is this leading?

It's the type of thing useful for invasion. Or for leverage.

I'm baffled.



Response to erronis (Original post)

Thu Mar 15, 2018, 02:11 PM

16. Maybe they plan to interrupt the grid in November?



Response to C Moon (Reply #16)

Thu Mar 15, 2018, 02:47 PM

17. I wonder this, too.



Response to erronis (Original post)

Thu Mar 15, 2018, 03:32 PM

18. Here's the beauty of this situation for this regime

They can say they're responding, but there's no way for anyone to confirm this.

Unless we mess with the electrical grid in Russia, or some other obvious attack, this regime can say they're doing magnificent work in responding to these threats/actions - the best hacking, beautiful, believe me - and we'll just never know.

Let's face it, the default reaction to anything announced by this regime is yeah, right. Heck, the reaction by regime supporters is the same, with the difference being that they are fine with that reaction.

So, my rather naive response to this kind of report is, okay, I believe you. Now what are you doing in response?
