Tag Archives: Russian hackers

Inflicting Pain. the Cyber Way

Leave a reply

Hackers backed by the Russian government have changed tactics in a yearslong campaign against energy companies in North America, Europe and the Middle East, according to Amazon.com cybersecurity researchers. The attackers are targeting internet routers and other widely used devices that have been set up incorrectly or sport known security holes….

In the latest attacks, which Amazon links to Russia’s military intelligence operation known as the GRU, hackers are breaking into electricity and other energy providers and third parties that sell security services to the sector, to steal the legitimate credentials of employees. The hackers try to establish long-term access, likely for espionage purposes, to harvest login information and other data, and move around corporate networks over time…Tools used by Amazon to monitor activity on its cloud infrastructure picked out “coordinated operations” against customer devices hosted on Amazon Web Services… That includes persistent connections to vulnerable routers, network management tools and other devices, and signs that data was being collected

France recently accused the GRU of waging cyberattacks against French ministries, defense contractors and media outlets with the aim of gathering intelligence and sowing division in the country. The European Union a year ago sanctioned a unit of the GRU’s Department of Special Tasks for orchestrating “coups, assassinations, bombings, and cyberattacks” in Europe and elsewhere. At the same time, the U.S. indicted members of the unit on similar charges.

Excerpt from  Kim S. Nash, Suspected Russian Hackers Step Up Attacks on U.S. Energy Firms, Research Shows, WSJ, Dec. 15, 2025

Hacking the Power Grid

Leave a reply

In Ukraine on Dec. 23, 2015 the power suddenly went out for thousands of people in the capital, Kiev, and western parts of the country. While technicians struggled for several hours to turn the lights back on, frustrated customers got nothing but busy signals at their utilities’ call centers….Hackers had taken down almost a quarter of the country’s power grid, claimed Ukrainian officials.  Specifically, the officials blamed Russians for tampering with the utilities’ software, then jamming the power companies’ phone lines to keep customers from alerting anyone….Several of the firms researching the attack say signs point to Russians as the culprits. The malware found in the Ukrainian grid’s computers, BlackEnergy3, is a known weapon of only one hacking group—dubbed Sandworm by researcher ISight Partners—whose attacks closely align with the interests of the Russian government. The group carried out attacks against the Ukrainian government and NATO in 2014…

The more automated U.S. and European power grids are much tougher targets. To cloak Manhattan in darkness, hackers would likely need to discover flaws in the systems the utilities themselves don’t know exist before they could exploit them. In the Ukrainian attack, leading security experts believe the hackers simply located the grid controls and delivered a command that shut the power off. Older systems may be more vulnerable to such attacks, as modern industrial control software is better at recognizing and rejecting unauthorized commands, says IOActive’s Larsen.

That said, a successful hack of more advanced U.S. or European systems would be a lot harder to fix. Ukrainian utility workers restored power by rushing to each disabled substation and resetting circuit breakers manually. Hackers capable of scrambling New York’s power plant software would probably have to bypass safety mechanisms to run a generator or transformer hotter than normal, physically damaging the equipment. That could keep a substation offline for days or weeks, says Michael Assante, former chief security officer for the nonprofit North American Electric Reliability.

Hackers may have targeted Ukraine’s grid for the same reason NATO jets bombed Serbian power plants in 1999: to show the citizenry that its government was too weak to keep the lights on. The hackers may even have seen the attack as in-kind retaliation after sabotage left 1.2 million people in Kremlin-controlled Crimea without lights in November 2015. In that case, saboteurs blew up pylons with explosives, then attacked the repair crews that came to fix them, creating a blackout that lasted for days. Researchers will continue to study the cyber attack in Ukraine, but the lesson may be that when it comes to war, a bomb still beats a keyboard.

Excerpts How Hackers Took Down a Power Grid, Bloomberg Business Week, Jan. 14, 2016