Federal Agencies Release Advisory with Historical Hacking Campaigns Targeting Critical Infrastructure by Russia

The Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and Energy Department on March 24 outlined numerous intrusion campaigns conducted by indicted Russian state-sponsored cyber actors against energy sector organizations in the U.S. and abroad between 2011 and 2018. The agencies recommended actions for executives and leaders to take, urging U.S. and international energy sector and other critical infrastructure organizations to apply mitigations and lower the risk of compromise, as Russian cyber attacks present a constant threat.

On the same day, the U.S. Department of Justice unsealed indictments of three Russian Federal Security Service officers and an employee of the Russian Federation Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) for intrusions into U.S. refineries, nuclear sites, and energy companies. Among these intrusions, the global energy sector campaign from 2011-2018 was a multi-stage effort to gain remote access to U.S. and international energy sector networks, deploy malware focused on industrial control systems (ICS), and collect and exfiltrate enterprise and ICS-related data. In a 2012 campaign, which compromised a Middle East-based energy sector organization, Russian cyber actors associated with TsNIIKhM leveraged TRITON malware to manipulate a foreign oil refinery’s ICS controllers.

In response to these campaigns, the agencies took appropriate measures at the time they occurred and throughout, and shared information to highlight the historical tactics, techniques, and procedures adversaries have used to attack critical infrastructure.

To reduce the risk of compromise, the federal agencies recommend that energy sector and other critical infrastructure organizations enforce and maintain strong network segmentation between information technology and ICS networks, implement multifactor authentication for authenticating to systems, and manage the permissions associated with privileged accounts.




