#1243178: Hackers Exploited Contractors, Personal Relationships to Target U.S. Utilities

Description: Cyber attackers infiltrated U.S. utilities through contractors and subcontractors, according to a WSJ investigation of a malicious campaign that targeted energy companies starting in 2016.

Many methods. Hackers attempted to infiltrate companies in at least 24 U.S. states. Tactics included sending phishing emails to small construction firms and other contractors, planting malware on online publications read by utility engineers and emailing fake job applications with compromised attachments, according to the Journal.

Familiar modus operandi. Attacks on third-parties, including managed service providers, have intensified as hackers try to gain access to corporate customers, as WSJ Pro Cybersecurity has reported. The attackers go after a variety of businesses and different kinds of information, Jeanette Manfra, assistant secretary for the cybersecurity office at the Department of Homeland Security, told WSJ Pro reporter Catherine Stupp in October.

Phishing for energy firms. One phishing email compromised a small Oregon professional services company in June 2017, according to a report from a DHS investigation that WSJ reviewed. Once inside the company's systems, hackers accessed its network dozens of times. They targeted at least six energy firms. They used the Oregon company's network to send emails from a fabricated person to apply for jobs in at least three energy firms and included tainted attachments in those emails. The energy companies, Franklin PUD, Dairyland Power Cooperative and New York State Electric and Gas Corp., said they were aware of the campaign and do not believe they were compromised.

Russian connection. The U.S. government noticed the campaign in the summer of 2016 and publicly warned about the hacker group, called Dragonfly or Energetic Bear, in October 2017. Researchers have connected the group to the Russian government. At least 60 utilities were targeted, including firms outside the U.S., according to Vikram Thakur, technical director of security response for Symantec Corp. About two dozen were breached, he said.
More info: https://cybersecurity.cmail19.com/t/ViewEmail/d/BB6FE631C31ED9D02540EF23F30FEDED/E95E9F93CC29B95B6D5E5F9A8728A5A6

Date added Jan. 11, 2019, 2:59 p.m.
Source Wall Street Email
Subjects
  • Critical Infrastructure / infra-structure
  • Energy - Oil / Electricity / Gas Utilities Alerts
  • Latest Global Security News
  • News USA
  • Utilities - Waste Water - Alerts
  • Utilities - Water - Alerts