Federal cybersecurity agencies, along with the Department of Energy (DOE), have published a new cyber advisory describing several Russian hacks on the energy sector between 2011 and 2018; those past attacks are the subject of a Department of Justice (DOJ) indictment unsealed this week against Russian actors.
The March 24 advisory from DOE, the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) offers technical details of a “global energy sector intrusion campaign using Havex malware, and the compromise of a Middle East-based energy sector organization using TRITON malware.”
In its separate announcement, DOJ said it unsealed indictments dating back to 2021 to charge four Russian nationals working for their government “with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018.”
DOJ said the hacking campaigns “targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.” According to one of the indictments, the attackers caused two separate emergency shutdowns at a foreign targeted facility, and “subsequently attempted to hack the computers of a U.S. company that managed similar critical infrastructure entities in the United States.”
Another indictment alleges three officers of Russia’s Federal Security Service targeted intrusions against “hundreds of entities related to the energy sector worldwide,” and said that “access to such systems would have provided the Russian government the ability to, among other things, disrupt and damage such computer systems at a future time of its choosing.”
“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure both in the United States and around the world,” commented Deputy Attorney General Lisa Monaco. She continued, “Although the criminal charges unsealed today reflect past activity, they make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant.”
DOE, FBI, and CISA made clear in their new advisory that the alert covers that same historical Russian hacking activity. But the agencies warned that “state-sponsored Russian cyber operations continue to pose an ongoing threat to U.S. Energy Sector networks.”
The agencies included in the advisory a list of mitigation steps that energy and other critical infrastructure organizations should take, including implementing “robust” network segmentation between IT and industrial control systems (ICS) networks, enforcing multifactor authentication, and managing the use of privileged accounts.
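To make the segmentation step above concrete, here is an added example (not from the advisory, the agencies, or this article) of how an IT/ICS boundary policy can be written as data and checked before it is pushed into a firewall: every flow that crosses a zone boundary is denied unless it matches an explicitly listed conduit, so the only route into the control network is through a designated jump host, and historian data leaves the ICS zone outbound only. The zone ranges, host addresses, conduit names and ports are constructed placeholders, not values from the advisory.

```python
"""Zone/conduit policy check for IT / ICS segmentation.

Added example, not code from the advisory or the article. It expresses
"default deny between IT and ICS" as a reviewable allowlist and evaluates
sample flows against it. All addresses, ranges and ports are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress

Net = ipaddress.IPv4Network

# Constructed zone layout (hypothetical): corporate IT, an IT/OT DMZ, and the ICS network.
ZONES = {
    "IT": Net("10.10.0.0/16"),
    "DMZ": Net("10.20.0.0/24"),
    "ICS": Net("10.30.0.0/16"),
}


@dataclass(frozen=True)
class Conduit:
    """An explicitly allowed cross-zone path: source host(s) -> destination host(s) on one port."""
    name: str
    src: Net
    dst: Net
    dst_port: int


# The allowlist. Any cross-zone flow that is not listed here is denied.
CONDUITS = [
    # Engineers reach the engineering workstation only via the MFA-protected jump host in the DMZ.
    Conduit("jump-host-to-ews", Net("10.20.0.10/32"), Net("10.30.1.5/32"), 3389),
    # The historian pushes data outward to a DMZ replica; nothing is allowed to connect back in.
    Conduit("historian-to-replica", Net("10.30.1.20/32"), Net("10.20.0.20/32"), 5432),
]


def zone_of(ip: str) -> Optional[str]:
    """Return the zone name containing ip, or None if it is outside every defined zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip: str, dst_ip: str, dst_port: int) -> Tuple[str, str]:
    """Return (decision, reason) for one flow. Decision is "allow" or "deny"."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "deny", "address outside any defined zone"
    if src_zone == dst_zone:
        return "allow", f"intra-zone traffic within {src_zone}"
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for c in CONDUITS:
        if src in c.src and dst in c.dst and dst_port == c.dst_port:
            return "allow", f"conduit {c.name}"
    return "deny", f"no conduit from {src_zone} to {dst_zone} on port {dst_port}"


def audit(flows: List[Tuple[str, str, int]]):
    """Evaluate a batch of (src_ip, dst_ip, dst_port) tuples; returns (flow, decision, reason) rows."""
    return [(flow, *evaluate(*flow)) for flow in flows]


if __name__ == "__main__":
    # Constructed sample flows for a dry run of the policy.
    sample = [
        ("10.10.5.5", "10.30.1.5", 502),     # IT workstation straight to the ICS zone (Modbus)
        ("10.20.0.10", "10.30.1.5", 3389),   # jump host to the engineering workstation
        ("10.20.0.11", "10.30.1.5", 3389),   # a different DMZ host trying the same path
        ("10.30.1.20", "10.20.0.20", 5432),  # historian outbound to its DMZ replica
        ("10.20.0.20", "10.30.1.20", 5432),  # replica attempting to reach back into ICS
    ]
    for flow, decision, reason in audit(sample):
        print(f"{decision:5} {flow[0]:>12} -> {flow[1]:<12}:{flow[2]:<5} {reason}")
```

The value of writing the policy this way is that the conduit list is the whole attack surface between zones: a reviewer can read it in a minute, and any new entry (a vendor remote-access path, a new historian feed) is a visible, auditable change rather than an ad hoc firewall exception.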
“While the intrusions highlighted in this advisory span an earlier period of time, the associated tactics, techniques, procedures, and mitigation steps are still highly relevant in the current threat environment,” commented CISA Director Jen Easterly.
“DOE takes threats to the U.S. energy sector seriously and urges industry partners to remain vigilant in light of Russia’s invasion of Ukraine,” said Puesh Kumar, director of DOE’s Office of Cybersecurity, Energy Security, and Emergency Response.
Separately, President Biden and EU President Ursula von der Leyen pledged on March 24 that the U.S. and EU will “continue efforts to support Ukraine in defending its networks against cyber incidents.”
“In preparation for any Russian malicious cyber response to the actions we have taken, we are taking steps to increase the resilience of the infrastructure in our respective nations by strengthening our coordinated cyber defences and improving our shared awareness of cyber threats,” they said.