A US Federal alert released earlier this week indicates that dangerous malware was found on critical public services, these attacks may be Russian based.
On Wednesday, April 13th 2022, a joint federal alert from multiple agencies including the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the FBI was released reporting that malware used by hackers were found on a number of critical US public services systems. Reportedly, this malware has the potential to give hackers "full access" to the infected industrial control systems.
The malware discovered appears to be designed to target power and natural gas sites across the United States. Potentially, the malware can significantly disrupt the access to power and gas in the affected regions. Robert Lee, the CEO of Dragos one of the cybersecurity agencies involved in discovering this malware, reports that the malware was found "before an attack was attempted" which is a "big win" for the US.
Lee reports that “We’re actually one step ahead of the adversary. None of us want them to understand where they screwed up,”
The Cybersecurity and Infrastructure Security Agency (CISA), the organization who initially published this alert, refused to disclose any information that could identify which groups were involved in developing the malware.
Mandiant, another cybersecurity firm involved in identifying this attack, reports that the malware discovered is "consistent with the malware used in Russia’s prior physical attacks". The representative from Mandiant acknowledges that this evidence is circumstantial and should not be taken as fact until more information is discovered about this attack.
Lee from Dragos appears to agree with this assessment, reporting to the guardian that a "state actor" is believed to be behind the hack. Lee states that his firm has "high confidence" in this assessment and he believes this attack was intended to damage power and gas systems across the US. Lee did not name any specific state actor, or how the #malware was discovered.
the malware discovered is "consistent with the malware used in Russia’s prior physical attacks".
The US government has warned critical infrastructure industries that these attacks may be retaliation from Russia for the harsh economic sanctions imposed as a result of the #Russain invasion into #Ukraine earlier this year. These critical infrastructure industries are advised to be on high alert for further retaliation from Russia in the form of cyber-attacks. In March, the FBI issued an alert that Russia had scanned at least five energy companies for vulnerabilities.
In the issued alert, the US governmental agencies urge companies to be especially mindful of their cybersecurity protocols and defense strategy now. They also outlined several steps companies can use to reduce their risk for becoming targeted.
Mandiant, a cyberseucrity frim believes that the malware poses the greatest threat to Ukraine, as it likely is being used as a weapon against the Ukrainian resistance against the Russian invasion. #NATO members, and other countries supporting Ukraine may also be at risk for being targeted by this kind of attack.
This malware is believed to have the ability to shut down critical infrastructure, sabotage industrial processes, and disabling safety controls- which could lead to the injury or death of those working on site.
This malware is believed to have the ability to shut down critical infrastructure, sabotage industrial processes, and disabling safety controls- which could lead to the injury or death of those working on site. The malware discovered is similar to older malware, named "triton", which was used to shut down a Saudi oil refinery in 2017. The Triton malware was previously traced back to Russian hackers from their military.
Lee from Drakos told reporters that this malware is the seventh generation discovered and appears to be designed to target a variety of industrial control systems across the US and Canada. He reports that this malware would not have been discovered without these energy companies having partnered with his cyberseucrity firm. The malware was reportedly discovered during research his company was performing on cyberthreats to the attacked energy firms.
Are you at risk for a similar cyberattack? Is your firm taking steps to reduce their cyber risk and identify gaps in defense? Businesses of all sizes are at risk for cyberthreat. These kinds of attacks are only becoming more common as malicious agents recognize the value of data control. Don't set your cyber-defense strategy to default, partner with the one of the leading cyberseucrity firms in the world!
Pentagon Cyber, Inc has the tools, training, and experienced needed to manage and optimize your organizations cybersecurity risk. Our team of experts work with organizations both large and small. Don't allow malicious entities to steal your most valuable resource, your private information. Schedule your FREE initial consultations with your personal cyberseucrity agent. Use the link below to schedule today!