Nuclear and energy sectors targeted by hackers, US government warns
Industrial firms, including power providers and other utilities, have been particularly worried about the potential for destructive cyberattacks since December 2016, when hackers cut electricity in Ukraine
The US government warned industrial firms this week about a hacking campaign targeting the nuclear and energy sectors, the latest event to highlight the power industry’s vulnerability to cyberattacks.
Since at least May, hackers used tainted “phishing” emails to “harvest credentials” so they could gain access to networks of their targets, according to a joint report from the US Department of Homeland Security and FBI.
While disclosing attacks, and warning that in some cases hackers succeeded in compromising the networks of their targets, the report did not identify any specific victims.
“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.
Homeland Security and FBI officials could not be reached for comment on the report, which was dated June 28. The report was released during a week of heavy hacking activity.
A virus dubbed “NotPetya” attacked on Tuesday, spreading from initial infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupting activity at ports, law firms and factories.
On Tuesday, the energy-industry news site E&E News reported that US investigators were looking into cyber intrusions this year at multiple nuclear power generators.
Industrial firms are particularly anxious about the threat that hackers pose to their operations.
Industrial firms, including power providers and other utilities, have been particularly worried about the potential for destructive cyberattacks since December 2016, when hackers cut electricity in Ukraine.
Two cybersecurity firms said on June 12 that they had identified the malicious software used in the Ukraine attack, which they dubbed Industroyer, warning that it could be easily modified to attack utilities in the US and Europe.
Industroyer is only the second piece of malware uncovered to date that is capable of disrupting industrial processes without the need for hackers to manually intervene.
The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the US and Israel to attack Iran’s nuclear programme.
The US government report said attackers conducted reconnaissance to gain information about the individuals whose computers they sought to infect so that create “decoy documents” on topics of interest to their targets.
In an analysis, it described 11 files used in the attacks, including malware downloaders and tools that allow the hackers to take remote control of victim’s computers and travel across their networks.
Chevron, Exxon Mobil and ConocoPhillips, the three largest US oil producers, declined to comment on their network security.