Energy


  • UK electricity middleman hit by cyber-attack

    May 14, 2020

    Elexon, a crucial middleman in the UK power grid network, reported that it fell victim to a cyber-attack earlier today. In a short message posted on its website, the company said the incident only impacted its internal IT network and employee laptops. The company’s email server was also impacted and had been taken down, cutting employees off from crucial ...

  • PoetRAT Trojan targets energy sector using coronavirus lures

    April 17, 2020

    Government and energy sectors are being targeted in a new campaign that weaponizes the coronavirus outbreak. On Thursday, Cisco Talos researchers Warren Mercer, Paul Rascagneres and Vitor Ventura published an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) striking both the Azerbaijan government and utility companies. According to the team, the malware attacks supervisory control ...

  • RagnarLocker ransomware hits EDP energy giant, asks for €10M

    April 14, 2020

    Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind energy. The company is present ...

  • What to know about cyberattacks targeting energy pipelines

    March 1, 2020

    The Department of Homeland Security (DHS) this past month disclosed a disruptive cyberattack on a U.S. energy facility, raising new concerns about protections for energy providers. The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, said a ransomware attack hit a “natural gas compression facility,” leading to a two-day shutdown for the entire pipeline. While the agency ...

  • Ransomware Hits U.S. Electric Utility

    February 27, 2020

    The Reading Municipal Light Department (RMLD) was infected with ransomware, as revealed in a statement by the electric utility. RMLD did not disclose the details on how their system was infected or the demands of the group behind the malware. There was also no indication of plans to pay ransom to the threat actors. RMLD is an electric utility in ...

  • Researchers Use Smart Light Bulbs to Infiltrate Networks

    February 6, 2020

    Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the ZigBee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices. To make the discovery, Check Point researchers built on earlier studies that showed how to control smart light bulbs. The new finding focused ...

  • European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019

    January 23, 2020

    Over the course of the last year, Recorded Future research has demonstrated that Iran-nexus groups, possibly including APT33 (also called Elfin), have been prolific in amassing operational network infrastructure throughout 2019. Additionally, in November 2019, Microsoft disclosed that APT33 had shifted focus from targeting IT networks to physical control systems used in electric utilities, manufacturing, and oil refineries. We ...

  • Zeppelin: Russian Ransomware Targets High Profile Users in the U.S. and Europe

    January 11, 2020

    Zeppelin is the newest member of the Delphi-based Ransomware-as-a-Service (RaaS) family initially known as Vega or VegaLocker. Although it’s clearly based on the same code and shares most of its features with its predecessors, the campaign that it’s been part of differs significantly from campaigns involving the previous versions of this malware. Vega samples were first ...

  • Oil-and-Gas APT Pivots to U.S. Power Plants

    January 10, 2020

    A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part of a broader trend in which cybercriminals focused on critical infrastructure are branching ...

  • ICS Cyberwarfare: The Latest Threat to America’s Power Grid

    November 20, 2019

    The modern world is dependent on electricity, and the United States is no exception. I remember the notorious blackouts that affected the eastern U.S. and Canada in August 2003. The duration of the mass power outage lasted anywhere between several hours and a week depending on where you were. I was in Hamilton, Canada, and ...

  • 17 US utility firms targeted by mysterious state-sponsored group

    September 24, 2019

    A mysterious state-sponsored hacking group has targeted at least 17 US utility firms with phishing emails for a five-month period between April 5 and August 29, Proofpoint reported today. The purpose of these attacks was to infect employees at US utility firms with LookBack, a remote access trojan with an extensive set of features. While no formal ...

  • Cyber-security incident at US power grid entity linked to unpatched firewalls

    September 9, 2019

    A cyber-security incident that impacted a US power grid entity earlier this year was not as dangerous as initially thought, the North American Electric Reliability Corporation (NERC) said last week. In a report highlighting the “lessons learned” from a past incident, NERC said hackers repeatedly caused firewalls to reboot for about ten hours, on March 5, ...

  • ACSC helps power energy sector’s cybersecurity capabilities

    September 4, 2019

    The Australian Cyber Security Centre (ACSC) has plugged into energy sector organisations and government agencies to help power their cybersecurity capabilities. The nationwide program — which started in November 2018 – aims to improve the energy industry’s cyber threat resilience and responses. So far, the ACSC has provided cybersecurity incident response and exercise training, information exchange sessions on operational ...

  • AMEO ‘concerned’ about nation-state attacks on power grids

    August 22, 2019

    “For the energy sectors and critical infrastructure sectors, particularly around electricity, we are concerned about nation-state actors,” says Tim Daly, chief security officer (CSO) for the Australian Energy Market Operator (AEMO). “Nation-states are looking to have capability and implants that are persistent within critical organisations,” he told the Gartner Security and Risk Management Summit in Sydney ...

  • Adwind Remote Access Trojan Hits Utilities Sector

    August 19, 2019

    Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads. Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware ...

  • How Threat Intelligence Helps the Energy Sector Fight Cyberespionage

    August 13, 2019

    When it comes to cyber threats, some industries have it harder than others. Few are as heavily targeted by sophisticated cyberattacks as the energy sector. Over the last decade, state-sponsored hacking groups have routinely targeted utility networks and other energy providers for the purposes of espionage and disruption. And according to the latest research, advanced persistent threat (APT) ...

  • US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks

    July 2, 2019

    The US is very close to improving power grid security by mandating the use of “retro” (analog, manual) technologies on US power grids as a defensive measure against foreign cyber-attacks that could bring down power distribution as a result. The idea is to use “retro” technology to isolate the grid’s most important control systems, to limit ...

  • U.S. Escalates Online Attacks on Russia’s Power Grid

    June 15, 2019

    The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said. In interviews over the past three months, the officials described the previously ...

  • Researchers Link ‘Sharpshooter’ Cyber Attacks to North Korean Hackers

    March 4, 2019

    Security researchers have finally, with “high confidence,” linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group. Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement. Dubbed Operation Sharpshooter, the cyber espionage ...

  • South African Power Firm Eskom Fails To Secure Customer Data

    February 6, 2019

    A security researcher resorted to a public tweet about a serious data breach involving customer data, after a South African electricity provider ignored all other pleas to resolve the leak. Security researcher Devin Stokes issued the public tweet to Eskom, which is South Africa’s state-owned electricity company. The fact that Eskom, which supplies 95 percent of the electricity ...