Cyber Criminals Volunteer For War In Ukraine

Uploaded on 2022-04-13 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Production-Energy

Russia’s invasion of Ukraine has taken place both on and offline, blending physical devastation with escalating digital warfare and ransomware gangs and other hacking groups of both Russian nd Ukrainian origin have taken to social media to announce where their allegiances lie. 

The infamous cyber criminal group behind Conti ransomware has announced its full support for the Russian government and threatened to strike the critical infrastructure of anyone launching cyber attacks or war actions against Russia. At the same time the Anonymous hacking group has taken sides with Ukraine and is “officially in a cyber war against the Russian government.”

But now other attacking hackers are targeting industrial systems and they are getting more confident in their attack methods. Critical infrastructure, like power generation and distribution, is becoming more complex and reliant on networks of connected devices. Not so long ago, power grids and other critical infrastructure operated in isolation but now they are far more interconnected in terms of geography and across different energy generation sectors, increasing their vulnerability. 

The cyber security company Dragos has released a report detailing how electricity, oil, gas, and other critical infrastructure facilities are being increasingly targeted by cyber attackers who seek to compromise Industrial Control Systems (ICS) and Operational Technology (OT).  

Dragos says that the biggest cyber security weaknesses that European energy producers currently face are a lack of asset visibility into their network and weak network authentication policies. 

Without asset visibility organisations are unable to properly secure their OT environments as defenders cannot protect what they cannot see. Industrial operators should evaluate and implement the principle of least privilege to limit unauthorised access to OT environments. If compromised, ICS and OT can enable attackers to disrupt or tamper with critical services.

The report from Dragos details ten different hacking operations that are known to actively target industrial systems in North America and Europe. Dragos also warned that this malicious activity is likely to grow over the next year.

Among the ten operations includes several state-backed hacking gang such as Electrum/Sandworm, which is linked to the Russian military, and Covellite, which has ties to North Korea’s Lazarus Group. Vanadinite is also on the list and has ties to a hacking group working on behalf of China.

Dragos warns that more and more critical infrastructure is connected to the internet, making it accessible to staff by remote desktop protocols and VPNs. They are increasingly easy and attractive targets for malicious hacking groups interesting in breaching networks.

According to Dragos, the 10 most active threat groups targeting critical infrastructure are: 

  •  Xenotime: a group which targets oil & gas companies in Europe, the United States and Australia. It's easily the most dangerous threat activity publicly known. It is the only activity group intentionally compromising and disrupting industrial safety instrumented systems, which can lead to scenarios involving loss of life and environmental damage.
  • Magnallium: a group which initially targeted oil and gas and aircract companies in Saudi Arabia, which has expanded targeted to Europe and North America. It's thought to be related to APT 33, a state-sponsored Iranian hacking group.   
  • Electrum: this group is capable of developing malware that can modify and control OT procedures and Dragos researchers say this operation was responsible for Crash Override a malware attack on Ukraine's power grid in December 2016. Electrum is associated with Sandworm, an offensive hacking operation that's part of Russia's GRU military intelligence agency. 
  • Allanite: a group which targets enterprise and OT networks in the UK and US electricity sectors, as well as German industrial infrastructure and uses access to conduct reconnaissance on networks to potentially stage future disruptive events. It's believed Allanite is linked to Russia.
  • Chrysene: Active since at least 2017, this group has targeted industrial organisations in Europe and the Middle East, and mainly conducts intelligence gathering operations to potentially facilitate further attacks. Chrysense is suspected to be linked to Iran.
  • Kamacite: a group which has been active since at least 2014 and believed to be responsible for cyber attacks against Ukrainian power facilities in 2015 and 2016. The group is linked to Sandworm.
  • Covellite: a group which has targeted electric utilities in Europe, the US and East Asia using malicious attachments in phishing emails. The group is thought to be linked to the Lazarus Group, a state-backed hacking group working out of North Korea.
  • Vanadinite: A hacking group which targets external-facing, vulnerable software in industrial organisations around the world. It's thought to be linked to APT 41, a state-sponsored Chinese hacking operation.  
  • Parasite: a group which targets utilities, aerospace and oil and gas in Europe, the Middle East and North America. Thee group uses open source tools and known vulnerabilities for initial access. Parasite is suspected to be linked to Iran.
  • Dymalloy: a group which targets electric utilities, oil and gas and other advanced industrial entities across Europe, Turkey and North America. Described as "highly aggressive", Dymalloy looks for long-term persistence in networks and is thought to be linked to Russia.

Although it could take years to conduct a successful attack and understand the intricacies of the OT systems, hackers are most likely working to lay the groundwork for a major attack right now.

Dragos:    Allianz:     Oodaloop:      ZDNet:    The Record:      Ars Technica:     CSO Online:  

You Might Also Read:  

The Importance Of Securing OT Platforms:

 

« Impress Your Cyber Insurance Underwriters With These Essential Tips
EU & US Agree New Data Rules To Replace Privacy Shield »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

F-Response

F-Response

F-Response is a software utility that enables an investigator to conduct live Forensics, Data Recovery, and eDiscovery over an IP network using their tools of choice.

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

Verint Systems

Verint Systems

Verint is a leader in Actionable Intelligence with a focus on customer engagement optimisation, security intelligence, fraud, risk and compliance.

VerSprite

VerSprite

VerSprite is a specialist information security consulting firm. We provide organizations with detection across all their attack surfaces and deliver critical insight into all possible attack methods.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

Zercurity

Zercurity

Zercurity is on a mission to build the ultimate cybersecurity operations platform for businesses. To help protect against a growing number of internal and external threats.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

Cynalytica

Cynalytica

Cynalytica deliver pioneering cybersecurity and machine analytics technologies that help protect critical infrastructure, securely enable Industry 4.0 and help accelerate digital transformation.

BrainStorm

BrainStorm

BrainStorm Threat Defense takes a new human-focused approach to security awareness that traditional training lacks. It’s a cutting-edge platform to make your users more security savvy.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Intelligent Technical Solutions (ITS)

Intelligent Technical Solutions (ITS)

We help businesses manage their technology. Intelligent Technical Solutions provide you with the right technical solution, so you can get back to running your business.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

BLOCX

BLOCX

BLOCX is designed to address the ever-growing challenges of managing and securing digital devices, from personal computers to corporate networks.