• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 

Critical Sudo bugs expose major Linux distros to local Root exploits

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • APT
  • Breaking News
  • Cyber warfare
  • Hacking
  • Security
  • Alleged Russian state-sponsored hackers behind Baltic energy networks

Alleged Russian state-sponsored hackers behind Baltic energy networks

Pierluigi Paganini May 20, 2017

A wave of cyber attacks against the Baltic energy networks raised concerns that foreign states could disable them in the region.

A wave of “exploratory” cyber attacks targeted energy networks of the Baltic states, the NATO alliance is following with apprehension the events.

Baltic attacks raised concerns that foreign states could disable the energy networks in the region.

Experts suspect the involvement of a Russian state actor due to strategic interest of Russia in the states the are on the political front line between Russia and the West.

NATO members Lithuania, Latvia, and Estonia are members of the European Union plan to synchronize their grids with the EU.

“Suspected Russia-backed hackers have launched exploratory cyber attacks against the energy networks of the Baltic states, sources said, raising security concerns inside the West’s main military alliance, NATO.” reported the Reuters agency, “The Baltics are locked into Russia’s power network but plan to synchronize their grids with the EU.”

NATO experts and cyber security researchers believe hackers are testing the Baltic energy networks for weaknesses.

“On a daily basis there are DDoS attacks designed to probe network architecture, so it could well be possible that something (serious) could take place later on,” a Brussels-based NATO official said under a condition of anonymity.

The most clamorous attacks against the energy industry in East Europe was the ones that targeted the grids in Ukraine that caused a power outage in specific areas of the country, anyway according to a number of experts, utility officials and law enforcement agencies Baltic energy networks were targeted with an unceasing offensive over the past two years.

There is the conviction that Russian state-sponsored hackers powered these attacks.

According to the Reuters, at the end of 2015, hackers launched a DDoS cyber-attack on an Internet gateway used to control a Baltic electricity grid. The attack disrupted the operations but did not cause blackouts.

According to the same source, alleged Russian hackers had launched a DDoS attack against a Baltic petrol-distribution system to disrupt petrol deliveries from storage tanks to a network of petrol stations.

The Reuters reported also a malware-based attack against a Baltic grid.

“In a separate malware attack on another undisclosed Baltic grid, also around end-2015, hackers targeted network communication devices, serial-to-ethernet converters (STEC), which link sub-stations to central control, two other sources said. The attack did not cause service disruption, they added.” states the Reuters.

Security experts are still investigating the above incidents, we cannot exclude that hackers have compromised the critical infrastructure and are still undetected due to sophisticated TTPs.

STECs converters were also targeted in Ukraine by the Russian Sandworm APT group, the same crew that targeted energy companies in Western Europe and the United States in a campaign in 2014.

Baltic energy networks iSIGHT Partners sandworm

According to the two sources cited by the Reuters, investigators had detected the presence of Sandworm in the Baltics, in one case was still active.

“It’s the same kind of slander as all the other similar accusations,” Kremlin spokesman Dmitry Peskov said when asked by Reuters about the possible hacks.

“Russia has never cut power flows to the Baltic states or threatened to do so.”

Lithuanian grid operator Litgrid confirmed that cyber attacks on its systems are not a novelty but it added that it had not seen DDoS attacks.

Latvia’s grid operator AST confirmed that no incident was observed in the last months.

“A security official based in the Baltics said cyber attacks usually increased when Russia carried out large military exercises near its borders with the Baltic states.” continues the Reuters.

In its 2017 national security threat assessment, the Lithuanian government reported large-scale DDoS attacks in April 2016 against state ministries and institutions, Vilnius airport, media and “other important Lithuanian cyber infrastructure”.

“A major part of executed cyber attacks against the state sector of Lithuania in 2016 were associated with Russian intelligence,” the report said.

Lithuania’s state-owned energy holding group, Lietuvos Energija, also confirmed that  it had faced sophisticated cyber attacks against its systems, including power distribution.

“We do assume that we have adversaries who want to harm us,” said Liudas Alisauskas, information security chief at Lietuvos.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Baltic energy networks, Russia)

[adrotate banner=”13″]


facebook linkedin twitter

Baltic energy networks DDoS energy Information Warfare malware Russia Sandworm state sponsored hackers

you might also like

Pierluigi Paganini July 11, 2025
U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog
Read more
Pierluigi Paganini July 10, 2025
UK NCA arrested four people over M&S, Co-op cyberattacks
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

    Hacking / July 11, 2025

    UK NCA arrested four people over M&S, Co-op cyberattacks

    Cyber Crime / July 10, 2025

    PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

    Hacking / July 10, 2025

    Qantas data breach impacted 5.7 million individuals

    Data Breach / July 10, 2025

    DoNot APT is expanding scope targeting European foreign ministries

    APT / July 10, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT