• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

 | 

Seychelles Commercial Bank Reported Cybersecurity Incident

 | 

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • APT
  • Breaking News
  • Cyber warfare
  • Hacking
  • Security
  • Alleged Russian state-sponsored hackers behind Baltic energy networks

Alleged Russian state-sponsored hackers behind Baltic energy networks

Pierluigi Paganini May 20, 2017

A wave of cyber attacks against the Baltic energy networks raised concerns that foreign states could disable them in the region.

A wave of “exploratory” cyber attacks targeted energy networks of the Baltic states, the NATO alliance is following with apprehension the events.

Baltic attacks raised concerns that foreign states could disable the energy networks in the region.

Experts suspect the involvement of a Russian state actor due to strategic interest of Russia in the states the are on the political front line between Russia and the West.

NATO members Lithuania, Latvia, and Estonia are members of the European Union plan to synchronize their grids with the EU.

“Suspected Russia-backed hackers have launched exploratory cyber attacks against the energy networks of the Baltic states, sources said, raising security concerns inside the West’s main military alliance, NATO.” reported the Reuters agency, “The Baltics are locked into Russia’s power network but plan to synchronize their grids with the EU.”

NATO experts and cyber security researchers believe hackers are testing the Baltic energy networks for weaknesses.

“On a daily basis there are DDoS attacks designed to probe network architecture, so it could well be possible that something (serious) could take place later on,” a Brussels-based NATO official said under a condition of anonymity.

The most clamorous attacks against the energy industry in East Europe was the ones that targeted the grids in Ukraine that caused a power outage in specific areas of the country, anyway according to a number of experts, utility officials and law enforcement agencies Baltic energy networks were targeted with an unceasing offensive over the past two years.

There is the conviction that Russian state-sponsored hackers powered these attacks.

According to the Reuters, at the end of 2015, hackers launched a DDoS cyber-attack on an Internet gateway used to control a Baltic electricity grid. The attack disrupted the operations but did not cause blackouts.

According to the same source, alleged Russian hackers had launched a DDoS attack against a Baltic petrol-distribution system to disrupt petrol deliveries from storage tanks to a network of petrol stations.

The Reuters reported also a malware-based attack against a Baltic grid.

“In a separate malware attack on another undisclosed Baltic grid, also around end-2015, hackers targeted network communication devices, serial-to-ethernet converters (STEC), which link sub-stations to central control, two other sources said. The attack did not cause service disruption, they added.” states the Reuters.

Security experts are still investigating the above incidents, we cannot exclude that hackers have compromised the critical infrastructure and are still undetected due to sophisticated TTPs.

STECs converters were also targeted in Ukraine by the Russian Sandworm APT group, the same crew that targeted energy companies in Western Europe and the United States in a campaign in 2014.

Baltic energy networks iSIGHT Partners sandworm

According to the two sources cited by the Reuters, investigators had detected the presence of Sandworm in the Baltics, in one case was still active.

“It’s the same kind of slander as all the other similar accusations,” Kremlin spokesman Dmitry Peskov said when asked by Reuters about the possible hacks.

“Russia has never cut power flows to the Baltic states or threatened to do so.”

Lithuanian grid operator Litgrid confirmed that cyber attacks on its systems are not a novelty but it added that it had not seen DDoS attacks.

Latvia’s grid operator AST confirmed that no incident was observed in the last months.

“A security official based in the Baltics said cyber attacks usually increased when Russia carried out large military exercises near its borders with the Baltic states.” continues the Reuters.

In its 2017 national security threat assessment, the Lithuanian government reported large-scale DDoS attacks in April 2016 against state ministries and institutions, Vilnius airport, media and “other important Lithuanian cyber infrastructure”.

“A major part of executed cyber attacks against the state sector of Lithuania in 2016 were associated with Russian intelligence,” the report said.

Lithuania’s state-owned energy holding group, Lietuvos Energija, also confirmed that  it had faced sophisticated cyber attacks against its systems, including power distribution.

“We do assume that we have adversaries who want to harm us,” said Liudas Alisauskas, information security chief at Lietuvos.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Baltic energy networks, Russia)

[adrotate banner=”13″]


facebook linkedin twitter

Baltic energy networks DDoS energy Information Warfare malware Russia Sandworm state sponsored hackers

you might also like

Pierluigi Paganini July 29, 2025
Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights
Read more
Pierluigi Paganini July 29, 2025
Seychelles Commercial Bank Reported Cybersecurity Incident
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

    Hacktivism / July 29, 2025

    Seychelles Commercial Bank Reported Cybersecurity Incident

    Data Breach / July 29, 2025

    Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

    Hacking / July 29, 2025

    U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

    Security / July 28, 2025

    Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

    Security / July 28, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT