Russia accused of Energy Sector Siege

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Advanced attackers, most likely from Russia, seem to be in the reconnaissance phase of a cyber war, according to a research report from threat hunting firm Vectra. The attackers are using stealthy tactics seemingly to prepare and position themselves for possible future of cyber warfare, using Energy and Utilities as important elements.

Typically over the course of several months the attackers patiently use already installed tools on systems, living off the land, to grab documentation and observe operator behaviors. Performing lateral movement to expand access, while take care to not set of common alarm bells.

United States DHS computer emergency readiness team released an alert known as TA18-074A in March 2018 regarding this.

PDF

Top 5 Security links