Alleged Russian state-sponsored hackers behind Baltic energy networks

A wave of cyber attacks against the Baltic energy networks raised concerns that foreign states could disable them in the region.

A wave of “exploratory” cyber attacks targeted energy networks of the Baltic states, the NATO alliance is following with apprehension the events.

Baltic attacks raised concerns that foreign states could disable the energy networks in the region.

Experts suspect the involvement of a Russian state actor due to strategic interest of Russia in the states the are on the political front line between Russia and the West.

NATO members Lithuania, Latvia, and Estonia are members of the European Union plan to synchronize their grids with the EU.

“Suspected Russia-backed hackers have launched exploratory cyber attacks against the energy networks of the Baltic states, sources said, raising security concerns inside the West’s main military alliance, NATO.” reported the Reuters agency, “The Baltics are locked into Russia’s power network but plan to synchronize their grids with the EU.”

NATO experts and cyber security researchers believe hackers are testing the Baltic energy networks for weaknesses.

“On a daily basis there are DDoS attacks designed to probe network architecture, so it could well be possible that something (serious) could take place later on,” a Brussels-based NATO official said under a condition of anonymity.

The most clamorous attacks against the energy industry in East Europe was the ones that targeted the grids in Ukraine that caused a power outage in specific areas of the country, anyway according to a number of experts, utility officials and law enforcement agencies Baltic energy networks were targeted with an unceasing offensive over the past two years.

There is the conviction that Russian state-sponsored hackers powered these attacks.

According to the Reuters, at the end of 2015, hackers launched a DDoS cyber-attack on an Internet gateway used to control a Baltic electricity grid. The attack disrupted the operations but did not cause blackouts.

According to the same source, alleged Russian hackers had launched a DDoS attack against a Baltic petrol-distribution system to disrupt petrol deliveries from storage tanks to a network of petrol stations.

The Reuters reported also a malware-based attack against a Baltic grid.

“In a separate malware attack on another undisclosed Baltic grid, also around end-2015, hackers targeted network communication devices, serial-to-ethernet converters (STEC), which link sub-stations to central control, two other sources said. The attack did not cause service disruption, they added.” states the Reuters.

Security experts are still investigating the above incidents, we cannot exclude that hackers have compromised the critical infrastructure and are still undetected due to sophisticated TTPs.

STECs converters were also targeted in Ukraine by the Russian Sandworm APT group, the same crew that targeted energy companies in Western Europe and the United States in a campaign in 2014.

According to the two sources cited by the Reuters, investigators had detected the presence of Sandworm in the Baltics, in one case was still active.

“It’s the same kind of slander as all the other similar accusations,” Kremlin spokesman Dmitry Peskov said when asked by Reuters about the possible hacks.

“Russia has never cut power flows to the Baltic states or threatened to do so.”

Lithuanian grid operator Litgrid confirmed that cyber attacks on its systems are not a novelty but it added that it had not seen DDoS attacks.

Latvia’s grid operator AST confirmed that no incident was observed in the last months.

“A security official based in the Baltics said cyber attacks usually increased when Russia carried out large military exercises near its borders with the Baltic states.” continues the Reuters.

In its 2017 national security threat assessment, the Lithuanian government reported large-scale DDoS attacks in April 2016 against state ministries and institutions, Vilnius airport, media and “other important Lithuanian cyber infrastructure”.

“A major part of executed cyber attacks against the state sector of Lithuania in 2016 were associated with Russian intelligence,” the report said.

Lithuania’s state-owned energy holding group, Lietuvos Energija, also confirmed that it had faced sophisticated cyber attacks against its systems, including power distribution.

“We do assume that we have adversaries who want to harm us,” said Liudas Alisauskas, information security chief at Lietuvos.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Baltic energy networks, Russia)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.