Alleged Russian state-sponsored hackers behind Baltic energy networks

A wave of cyber attacks against the Baltic energy networks raised concerns that foreign states could disable them in the region.

A wave of “exploratory” cyber attacks targeted energy networks of the Baltic states, the NATO alliance is following with apprehension the events.

Baltic attacks raised concerns that foreign states could disable the energy networks in the region.

Experts suspect the involvement of a Russian state actor due to strategic interest of Russia in the states the are on the political front line between Russia and the West.

NATO members Lithuania, Latvia, and Estonia are members of the European Union plan to synchronize their grids with the EU.

“Suspected Russia-backed hackers have launched exploratory cyber attacks against the energy networks of the Baltic states, sources said, raising security concerns inside the West’s main military alliance, NATO.” reported the Reuters agency, “The Baltics are locked into Russia’s power network but plan to synchronize their grids with the EU.”

The most clamorous attacks against the energy industry in East Europe was the ones that targeted the grids in Ukraine that caused a power outage in specific areas of the country, anyway according to a number of experts, utility officials and law enforcement agencies Baltic energy networks were targeted with an unceasing offensive over the past two years.

There is the conviction that Russian state-sponsored hackers powered these attacks.

According to the Reuters, at the end of 2015, hackers launched a DDoS cyber-attack on an Internet gateway used to control a Baltic electricity grid. The attack disrupted the operations but did not cause blackouts.

According to the same source, alleged Russian hackers had launched a DDoS attack against a Baltic petrol-distribution system to disrupt petrol deliveries from storage tanks to a network of petrol stations.

The Reuters reported also a malware-based attack against a Baltic grid.

“In a separate malware attack on another undisclosed Baltic grid, also around end-2015, hackers targeted network communication devices, serial-to-ethernet converters (STEC), which link sub-stations to central control, two other sources said. The attack did not cause service disruption, they added.” states the Reuters.

Security experts are still investigating the above incidents, we cannot exclude that hackers have compromised the critical infrastructure and are still undetected due to sophisticated TTPs.

STECs converters were also targeted in Ukraine by the Russian Sandworm APT group, the same crew that targeted energy companies in Western Europe and the United States in a campaign in 2014.

According to the two sources cited by the Reuters, investigators had detected the presence of Sandworm in the Baltics, in one case was still active.

“It’s the same kind of slander as all the other similar accusations,” Kremlin spokesman Dmitry Peskov said when asked by Reuters about the possible hacks.

“Russia has never cut power flows to the Baltic states or threatened to do so.”

Lithuanian grid operator Litgrid confirmed that cyber attacks on its systems are not a novelty but it added that it had not seen DDoS attacks.

Latvia’s grid operator AST confirmed that no incident was observed in the last months.

“A security official based in the Baltics said cyber attacks usually increased when Russia carried out large military exercises near its borders with the Baltic states.” continues the Reuters.

In its 2017 national security threat assessment, the Lithuanian government reported large-scale DDoS attacks in April 2016 against state ministries and institutions, Vilnius airport, media and “other important Lithuanian cyber infrastructure”.

“A major part of executed cyber attacks against the state sector of Lithuania in 2016 were associated with Russian intelligence,” the report said.

Lithuania’s state-owned energy holding group, Lietuvos Energija, also confirmed that  it had faced sophisticated cyber attacks against its systems, including power distribution.

“We do assume that we have adversaries who want to harm us,” said Liudas Alisauskas, information security chief at Lietuvos.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Baltic energy networks, Russia)

[adrotate banner=”13″]