Published in News

Russian hackers break into air-gapped US networks

by on 24 July 2018


Hacked vendors

The US Department of Homeland Security (DHS) has found evidence that Russian hackers have broken into supposedly secure, "air-gapped" or isolated networks owned by utilities.

They did this not by attacking the utilities head-on but by penetrating the networks of key vendors that had trusted relationships with the power companies.

The attackers began with conventional tools: spear-phishing emails and watering-hole attacks, in which websites the targets routinely visit are compromised so that victims end up entering their passwords on spoofed login pages. These were used against the corporate networks of suppliers, many of them smaller companies without big budgets for cybersecurity. Once inside the vendor networks, the attackers pivoted to their real focus, the utilities. In many cases it was relatively easy to steal credentials from the vendors and use them to gain direct access to utility networks.

Then they began stealing confidential information. The hackers vacuumed up data showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarised themselves with how the facilities were supposed to operate, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions. Their goal was to disguise themselves as "the people who touch these systems on a daily basis".

DHS said the hackers' preparation was so thorough that they reached a point where they could have thrown switches and disrupted power flows.

Jonathan Homer, chief of industrial-control-system analysis for DHS, said the hacking campaign started last year and is likely still continuing.

DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014, but this briefing was the first time DHS has given out this much detail in an unclassified setting.

So far DHS has not named the victims, but it now says there were hundreds of them, not the few dozen previously reported.

Some companies may still not know they have been compromised, because the attackers used the credentials of real employees to get inside utility networks. Logins that look like legitimate vendor activity leave few of the obvious traces that a malware infection would, which makes these intrusions harder to detect.

Still, it is all OK: President Vladimir Putin has told Donald Trump that his security people are lying and he is not hacking anyone.

Last modified on 24 July 2018