No big deal... Kremlin hackers 'jumped air-gapped networks' to pwn US power utilities
The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America's critical infrastructure.
Uncle Sam's finest reckon Moscow's agents managed to infiltrate computers networks within US electric utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the Yanks, and plunged America into darkness.
The hackers, dubbed Dragonfly and Energetic Bear, struck in the spring of 2016, and continued throughout 2017 and into 2018, even invading air-gapped networks, it is claimed.
This seemingly Hollywood screenplay emerged on Monday in the pages of the Wall Street Journal (paywalled) which spoke to Homeland Security officials on the record.
The Energetic Bear aka Dragonfly crew – fingered in 2014 by Crowdstrike and Symantec – was inside “hundreds” of power grid control rooms by last year, it is claimed. Indeed, since 2014, power companies have been warned by Homeland Security to be on the look out for state-backed snoops – with technical details on intrusions published here.
The Russians hacked into the utilities' equipment vendors and suppliers by spear-phishing staff for their login credentials or installing malware on their machines via boobytrapped webpages, it is alleged.
The miscreants then leveraged their position within these vendors to infiltrate the utilities and squeeze into the isolated air-gapped networks in control rooms, it is further alleged. The hacker crew also swiped confidential internal information and blueprints to learn how American power plants and the grid system work.
We're told, and can well believe, that the equipment makers and suppliers have special access into the utilities' networks in order to provide remote around-the-clock support and patch deployment – access that, it seems, turned into a handy conduit for Kremlin spies.
The attacks are believed to be ongoing, and some utilities may not yet be aware they've been pwned, we were warned. It is feared the stolen information, as well as these early intrusions, could be part of a much larger looming assault.
“They got to the point where they could have thrown switches,” Jonathan Homer, chief of industrial control system analysis for Homeland Security, told the paper.
The Register will watch developments, however, caution is probably a useful prescription at this stage.
After all, an attack on the American grid reported in late 2016 turned out to be far less than was first feared: it was one infected laptop in a relatively small operator, Burlington Electric, and the attack didn't reach control systems.
Infrastructure security expert Robert Lee has a level-headed thread, here, on Twitter. "In short, please take cyber threats to industrial infrastructure serious," he said. "They are getting far more aggressive and numerous. But let’s not use word choices that mislead and hype up the issue. It’s bad enough without added fear."
While the Kremlin has seemingly developed a keen interest in America's computer systems, it has denied any wrongdoing.
- Cyber Director, Consulting / team lead, Business Developer. London, £130k + bonus + package
- £130k + bonus + package
The Cyber Director will engage with key client stakeholders to understand, advice, influence and deliver critical programs and projects, lead technical teams, provide consultative change including, but not limited to; strategic, transformation, advisory cyber services etc. CRITICALLY the Cyber Director will be responsible for identifying new clients and generating revenue streams within those new engagements (as well as existing clients). This revenue / profit generation is a key function of the role and there is a strong preference for someone to have prior experience successfully delivering a number from a management consulting firm. Given that the Cyber Director will be market facing position, the individual must be able to demonstrate previous experience in in delivering presentations / speeches at industry trade shows, creating white papers, industry relevant content etc Any experience across Cyber business transformation, GRC, IOT, Data privacy, Cloud Security, Penetration testing, Forensics / Incident response etc. (This is a non-exclusive list. Experience working across multiple verticals including finance, retail, UK public sector, critical national infrastructure, defence, Blue light, MOD etc is desirable. Ability to achieve UK Security Clearance is essential. All details kept in discretion. Apply today or contact firstname.lastname@example.org
- Security Cloud Consultant, Design / Review / Advise, London
** Actively recruiting- Able to hire** Security Cloud Consultant, Design / Review / Advise with both technical design / architecture and information security (technical risk assessment) experience is needed to help a growing consultancy work with multiple clients on various security programmes. The responsibilities of the role will include, but not be limited to; Delivering high level security related design, discovering and advising against any security risk within a client’s current architecture, reviewing security architecture plans, design related consultation, technical review of architecture against policies. The Security Cloud Consultant, Design / Review / Advise, needs to have a broad Security Architecture experience including Cloud security Azure, Office265 / AWS is essential. Any of the following would be desirable, although not essential. AZ-500: Microsoft Azure Security Technologies AZ-303: Microsoft Azure Architect Technologies Travel will be required. Given the nature of the clients, the individual must be elidable to achieve UK Security clearance. Apply today for more information Chris.email@example.com https://www.linkedin.com/in/chrisholt1/ 07884666351
- eDiscovery Relativity Consultant
- Up to £65,000
REFCH7559 eDiscovery Relativity Consultant, Processing onwards, London, £65,000 London Experienced eDiscovery Relativity Consultant needed to join a London based client. The eDiscovery Relativity Consultant MUST have experience from the process stage onwards of the EDRM cycle. Processing, Review, Analysis, Production, Presentation. Experience optimising and improving analytics highly desirable. Identification and collection experience is useful but not essential. This individual commutable to London based as the role will be predominately office based Relativity Certified Administrator (RCA) Relativity Analytics Specialist Relativity Processing Specialist Relativity Certified User Relativity Infrastructure Specialist Fluency one or more European languages is desirable but not essential. Structured career progression available. All details kept in the strictest of confidence. Contact me on Chris.firstname.lastname@example.org 07884666351 or 02086634030
- Cyber Security Consultant, New Job, Devon, £60,000
Can interview and hire remotely without face to face. Cyber Security Consultant is needed in a client-facing consultancy role in the Devon area. Cyber Security Consultant needs to have a strong information security experience with a technical hands-on background. Travel will be involved with other clients, but a larger proportion of the time will be within the Devon area. This is a Security consultancy role so travel to other client site locations across the country will be expected. Broad InfoSec experience is desirable given the range of projects/programmes you will be involved in. The individual will be required to achieve or currently hold SC security clearance. Apply today. All details kept in the strictest of confidence. Chris.Holt@dclsearch.com 07884666351