Russian Targeting US Energy and Other Critical Infrastructure Sectors

The Department of Homeland Security and the FBI issued a joint alert last week:

“Russian government cyber actors” have been targeting U.S. critical infrastructure sectors, including energy, nuclear and commercial facilities, since at least March 2016.

This alert isn’t about just another data breach; it is nation-state-sponsored cyber war, and now they are targeting the energy sector (e.g., the power grid), trying to kill the lifeline of every citizen. Russia has done this before in Ukraine, and it is well documented. Recently, North Korea was almost successful in targeting an Indian nuclear plant. This seems to be the beginning of a new norm in a complex information era.

The following techniques are being used:

  • spear-phishing emails (from a compromised legitimate account),
  • watering-hole domains,
  • credential gathering,
  • open-source and network reconnaissance,
  • host-based exploitation, and
  • targeting industrial control system (ICS) infrastructure.

Systems Affected

  • Domain Controllers
  • File Servers
  • Email Servers
  • Power Grids

Read more in the document below, including how the cyber activity happens in different stages.

Read General Best Practices Applicable to this Campaign.
