Dive Brief:
- Government-backed Russian hackers may have infiltrated the secure command systems of the U.S. energy grid, according to reports by ABC News.
- The Department of Homeland Security recently issued an alert for a piece of malware known as BlackEnergy, though news reports say the hacking could date back to 2011.
- According to the alert, issued by DHS's Industrial Control System Cyber Emergency Response Team (ICS-CERT), the malware has targeted products from various vendors, including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC.
Dive Insight:
Attacks on control systems in the energy space are fairly rare, but the older Havex malware threat and newer BlackEnergy have both been in the news lately. Greentech Media is reporting on threats to the oil, gas and power distribution systems, and a new report by ABC News finds Russian hackers may have infiltrated secure energy systems.
The most recent attack on energy command systems may be a part of a broader campaign targeting Microsoft systems, Greentech reported. Utilities are spending billions of dollars to protect their grids, with the bulk of that money being directed towards online control systems.
ICS-CERT's alert said it had not identified any attempts to damage, modify, or otherwise disrupt the victim systems’ control processes. "However, typical malware deployments have included modules that search out any network-connected file shares and removable media for additional lateral movement within the affected environment," the Nov. 3 alert said. "The malware is highly modular and not all functionality is deployed to all victims."