Tag Archive for: Grid

Ukraine Says Potent Russian Hack Against Power Grid Thwarted – NBC 5 Dallas-Fort Worth


Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled, Ukrainian government officials said Tuesday.

At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, the Ukrainians said.

“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”

The hackers from Russia’s GRU military intelligence agency used an upgraded version of malware first seen in its successful 2016 attack that caused blackouts in Kyiv, officials said. The new version was customized to target multiple substations. They simultaneously seeded malware designed to wipe out computer operating systems, hindering recovery.

Authorities did not specify how many substations were targeted or their location, citing security concerns, but a deputy energy minister, Farid Safarov, said “2 million people would have been without electricity supply if it was successful.”

Ukraine’s eastern city of Kharkiv came under heavy shelling on Monday, causing multiple casualties and severe damage.

Zhora, the deputy chair of the State Service of Special Communications, said the malware was programmed to knock out power on Friday evening just as people returned home from work and switched on news reports.

He said that power grid networks were penetrated before the end of February, when Russia invaded, and that the attackers later uploaded the malware, dubbed Industroyer2. The malware succeeded in disrupting one component of the impacted power station’s management systems, also known as SCADA systems.

Zhora would not offer further details or explain how the attack was defeated or which partners may have assisted directly in defeating it. He did acknowledge the depth of international assistance Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of attackers….


Chinese hackers target India’s power grid near Ladakh; gather intelligence info






© Provided by Business Today

India’s power sector has been targeted in recent months by suspected state-sponsored Chinese hackers as part of an evident cyber-espionage campaign, according to a report by the threat intelligence firm Recorded Future Inc. published on Wednesday.  

The hackers targeted at least seven Load Despatch Centres (SLDCs) in northern India responsible for real-time grid control and electricity dispatch in their respective areas, near the disputed India-China border in Ladakh, the report notes.


One of the SLDCs was also targeted earlier by another hacking group, RedEcho, which Recorded Future said shares “strong overlaps” with a hacking group that the US has linked to the Chinese government. 

“The prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited economic espionage or traditional intelligence-gathering opportunities,” the report states. 

“We believe this is instead likely intended to enable information-gathering surrounding critical infrastructure and/or pre-positioning for future activity,” it adds. 

Furthermore, the hackers also compromised an Indian national emergency response system as well as a subsidiary of a multinational logistics firm, the report states. 


The hacking group, named TAG-38, has used ShadowPad malware, which is a kind of malicious software that steals data from a victim computer and automatically communicates with the computer servers at the hacker’s end. 

The malware was earlier associated with China’s People’s Liberation Army (PLA) and the Ministry of State Security, as per Recorded Future. 

China has consistently denied involvement in malicious cyber activity despite several accusations that it sponsors criminal contract hackers.

(With inputs from Ankit Kumar.)


Criminal hackers are preying on the world’s sympathies for Ukraine – Grid News


Cybercriminals are using the war in Ukraine to enrich themselves by defrauding people trying to help the embattled country.

Their techniques include malware, phishing attacks and straight-up scams. Emails that purport to come from Ukrainian government agencies deliver malware designed to let an attacker control the recipient’s computer. When Ukraine started soliciting donations in cryptocurrency, criminals created and marketed fake coins. And some are attempting to trick inexperienced volunteers for Ukraine’s “IT Army” into downloading malware disguised as distributed denial of service (DDoS) software to fight Russian interests online.

The fact that regular people far from Ukraine are getting involved in DDoS attacks and donating cryptocurrencies is a sign that the “baseline technological knowledge for the majority of people is much higher than it ever has been,” said threat researcher Nick Biasini, head of outreach at security firm Cisco Talos. But a little knowledge can be a dangerous thing: It’s also given cybercriminals a way to capitalize on their efforts and prey on the public’s best intentions, especially those of the well-meaning amateur hackers joining in Ukraine’s cyber defense.

“Broadly speaking, cybercriminals take advantage of whatever situation is out there and whatever situation is in the news,” said Allan Liska, an intelligence analyst at the security firm Recorded Future, which tracks ransomware attacks.

The current situation echoes the early 2000s, when “hacktivism” was popular. Hackers would release legitimate tools that people could use to launch a DDoS attack against targets like banks, and cybercriminals would follow by putting out similar-sounding tools that were actually malware.

“History doesn’t repeat itself, but it often rhymes,” Liska said, invoking a Mark Twain-attributed quote. “We have seen similar kinds of activity in the past even as it relates to activism, but not in a war setting.”

Scams surge as global concern rises

Since Feb. 1, network intelligence and cybersecurity provider Cujo AI has identified about 1,500 unique internet domains that are related to helping Ukraine. About 5 percent of them are scam sites, said…


Despite years of preparation, Ukraine’s electric grid still an easy target for Russian hackers


“If Russia wants to take down the Ukrainian electric system, I have full confidence that they can, and the Ukrainian playbook in many ways is in a place where prevention’s not going to happen,” Robert M. Lee, CEO and co-founder of cybersecurity group Dragos, said in an interview. He argued corruption and economic barriers in Ukraine have gotten in the way of hardening the electric grid. The Ukrainian Embassy in Washington, D.C., did not respond to a request for comment.

President Joe Biden said Friday that the U.S. has every indication that Russian leader Vladimir Putin has decided to invade “in the coming days.” His warning came after a senior U.S. official estimated that Russia had lined up 169,000 to 190,000 fighters for the invasion, in “the most significant military mobilization in Europe since the Second World War.”

Alongside a physical invasion, Putin could marshal the full array of cyber and disinformation tools that Russia has inflicted on targets around the world during the past decade, including the U.S. And the electric grid is a ripe target.

Ukraine has repeatedly served as a laboratory for these kinds of attacks since Russia’s invasion and seizure of its Crimea region in 2014.

The first example came almost seven years ago, when three Ukrainian power stations went dark for six hours in the middle of winter, blacking out Kyiv and a large swathe of Western Ukraine. The hackers — identified by U.S. officials as Russian — tunneled inside the plants’ controls and opened breakers to prevent power flow. On top of that, they locked out power station employees from their accounts so they couldn’t respond to the attack, and overwhelmed the power stations’ call centers with a barrage of malicious online traffic — making it difficult for customers to report outages.

One year later, in 2016, Russian hackers went one step further and tried to disable the transmission equipment by overloading controls with internet activity, which would have made it unsafe for workers to manually restore power, according to a report from Dragos. The attack left portions of Kyiv in the dark for more than an hour — and even though the attackers failed to fully incapacitate…
