Nov 10 2023

Russian Hackers Hijacked Power Station Circuit Breakers Using LotL Technique

Category: Hacking,Information Securitydisc7 @ 11:10 am

In a recent and alarming development, the notorious Russia-linked threat actor Sandworm executed a sophisticated cyber-physical attack targeting a critical infrastructure organization in Ukraine. 

The incident, responded to by cybersecurity firm Mandiant, unfolded as a multi-event assault, showcasing a novel technique to impact Industrial control systems (ICS) and operational technology (OT).

Unraveling Russia’s Cyber-Physical Capabilities

The attack, spanning from June to October 2022, demonstrated a significant evolution in Russia’s cyber-physical attack capabilities, notably visible since the invasion of Ukraine. 

Sandworm, known for its allegiance to Russia’s Main Intelligence Directorate (GRU), has historically focused on disruptive and destructive campaigns, particularly in Ukraine.

The unique aspect of this attack involved Sandworm’s utilization of living-off-the-land (LotL) techniques at the OT level, initially causing an unplanned power outage in conjunction with missile strikes across Ukraine. 

The threat actor further demonstrated its adaptability by deploying a new variant of the CADDYWIPER malware in the victim’s IT environment.

Mandiant’s analysis revealed the complexity of the attack, highlighting Sandworm’s ability to recognize novel OT threat vectors, develop new capabilities, and exploit various OT infrastructures. 

The threat actor’s deployment of LotL techniques indicated a streamlined approach, reducing the time and resources required for the cyber-physical assault.

Concerns Over Sandworm’s Adaptive Capabilities

Despite being unable to pinpoint the initial intrusion point, Mandiant suggested that the OT component of the attack may have been developed in as little as two months. 

This raises concerns about Sandworm’s capability to rapidly adapt and deploy similar attacks against diverse OT systems worldwide.

Sandworm’s global threat activity, coupled with its novel OT capabilities, prompted a call to action for OT asset owners worldwide. 

Mandiant provided detailed guidance, including detection methods, hunting strategies, and recommendations for hardening systems against such threats.

The attack’s timing, coinciding with Russian kinetic operations, suggested a strategic synchronization, indicating that the threat actor may have been waiting for a specific moment to deploy its capabilities. 

As observed in this incident, the evolution of Sandworm’s tactics offers insights into Russia’s ongoing investment in OT-oriented offensive cyber capabilities.

In conclusion, this Sandworm attack serves as a stark reminder of the escalating cyber threats faced by critical infrastructure globally. 

The continuous evolution of cyber adversaries necessitates a proactive approach from governments, organizations, and asset owners to secure and safeguard vital systems against such sophisticated attacks.

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Power station, Sandworm

Aug 05 2010

DHS Quietly Dispatching Teams to Test Power Plant Cybersecurity

Category: cyber securityDISC @ 1:22 pm
DHS Logo
Image via Wikipedia

The Department of Homeland Security is quietly creating teams of experts charged with assessing the cyber security needs of power plants in the U.S. The question is why the secrecy? When plants vulnerabilities are known facts in both security and hacker communities, perhaps it is time to pay attention or impossible to ignore anymore even by DHS.

Utility Security: The New Paradigm

By Jaikumar Vijayan
The Department of Homeland Security (DHS) is quietly creating specialized teams of experts to test industrial control systems at U.S power plants for cybersecurity weaknesses, according to a report published today by the Associate Press.

According to the Associate Press report, DHS has so far created four teams to conduct such assessments, according to Sean McGurk, director of control system security. McGurk told the news service that 10 teams are expected to be in the field next year as the program’s annual budget grows from $10 million to $15 million.

To read the rest of the article….

Tags: Computer security, Control system, Homeland Security Department, power plants, Power station, United States Department of Homeland Security, utilities