Russian hackers infiltrated many US critical infrastructure

Pierluigi Paganini November 08, 2014

The Department of Homeland Security (DHS) revealed that Russian hackers have infiltrated several critical infrastructure in the United States.

Government officials reported to the ABC News agency that hackers have compromised computing systems in many nation’s critical infrastructure. The attackers have infected the software that runs in the critical infrastructure with a malware, the circumstance creates a lot of anxiety in Intelligence and military industry due to the vital role of the hacked architecture.

An attack against critical infrastructure poses a serious risk for the stability of any government, the damages could be of different nature, including huge economic losses and losses of human lives.

Sources reported to the news agency that the attacks appear to be state-sponsored hacking campaign and that the Russia is the nation that is coordinating them.

“A destructive “Trojan Horse” malware program has penetrated the software that runs much of the nation’s critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security. National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat.” reports the ABCnews.”

The experts speculate that the ICS SCADA systems in many plants have been infected, these software controls critical processes for the operation of critical infrastructure, including power transmission grids, wind turbines, nuclear plants and oil and gas pipelines.

critical infrastructure

The DHS revealed that the hacking campaign has been running at least since 2011, despite so sabotage act has been detected since now.

“DHS sources told ABC News they think this is no random attack and they fear that the Russians have torn a page from the old, Cold War playbook, and have placed the malware in key U.S. systems as a threat, and/or as a deterrent to a U.S. cyber-attack on Russian systems – mutually assured destruction.” continues the ABCnews. “The hack became known to insiders last week when a DHS alert bulletin was issued by the agency’s Industrial Control Systems Cyber Emergency Response Team to its industry members. The bulletin said the “BlackEnergy” penetration recently had been detected by several companies.”

The BlackEnergy malware was written by a Russian hacker and it was originally used to run DDoS attacks, bank frauds and for spam distribution. The new variant was used in targeted attacks on government entities and private companies across a range of industries. According to a report issued by ESET, the new varian has been found targeting more than 100 government and industry organizations in Poland and the Ukraine, and other attacks based on BlackEnergy hit a target in Brussels, Belgium, as reported by F-Secure.

F-Secure security adviser Sean Sullivan speculated that BlackEnergy detected in Brussels have been used in a targeted attack on the European Parliament or European Commission.

Experts Robert Lipovsky and Anton Cherepanov from ESET presented at the Virus Bulletin conference in Seattle the findings of their research, the malicious campaigns based on BlackEnergy malware started during 2014 and are still ongoing.

US infrastructure and government agencies are constantly under attack, a few weeks ago the White House confirmed to have suffered a cyberattack on its computer network which lasted for almost two weeks. In that circumstance, according to an unnamed official at the White House, hackers infiltrated an unclassified network and the Obama Administration has confirmed the incident. Different media agencies, including The Washington Post cited sources as saying that the attackers were linked to the Russian government. The worrying news is that the attacks was not initially discovered by the White House staff, and according to the Post an “ally” made US officials aware of the offensive, meanwhile the US Intelligence reported that the attacks triggered an internal detection system.

The unique certainty is that almost every government is working to improve its cyber capabilities and to protect critical infrastructure from attacks by foreign hackers.

Pierluigi Paganini

Security Affairs –  (critical infrastructure, Russia)

you might also like

leave a comment