FBI warns of growing risks of Russia-linked attacks on US energy firms

Pierluigi Paganini March 23, 2022

The FBI is warning of risks related to cyber attacks aimed at energy companies of Russia-linked threat actors.

The FBI is warning energy companies of the risks of cyber attacks carried out by Russia-linked threat actors, reported The Associated Press.

The Associated Press has access to a security advisory issued by the FBI that reports that Russia-linked threat actors have conducted a reconnaissance activity aimed at least five energy companies. The same attackers also targeted at least 18 other companies in multiple industries, including the defense industrial base and financial services. The advisory does name any of the companies probed by Russian hackers.

The advisory reports scanning activities on the network of the companies, which could indicate that threat actors are gathering information to use in later attacks.

“An FBI advisory obtained by The Associated Press on Tuesday says Russian hackers have scanned at least five energy companies for vulnerabilities and at least 18 other companies in sectors including the defense industrial base and financial services.” states the AP. “Scanning a network for flaws or vulnerabilities is common and does not indicate that an attack is forthcoming, though the activity can sometimes be a precursor of one. Still, the warning by the FBI, dated Friday, underscores the Biden administration’s heightened cybersecurity concerns due to Russia’s war with Ukraine.”

Early this week the White House announced that there were ongoing activities that suggest Russia was probing US critical infrastructure to launch cyberattacks.

Biden announced that the administration has issued “new warnings that, based on evolving intelligence, Russia may be planning a cyberattack against us. … The magnitude of Russia’s cyber capacity is fairly consequential, and it’s coming.”

The advisory issued by the FBI includes 140 IP addresses associated with the scanning of US critical infrastructure since at least March 2021.

These IP addresses have been associated with the “active exploitation of a foreign victim, which resulted in destruction of the victim’s systems.”

That scanning activity has increased since the beginning of the Ukraine invasion, “leading to a greater possibility of future intrusions.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BazarLoader)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment