The FBI and Department of Homeland Security issued a joint statement on October 20 warning of an increased danger from a malicious “multi-stage intrusion campaign” against critical infrastructure industries, including the energy sector.
According to the warning, hackers are targeting company-controlled sites of different agencies to access information on equipment and designs, including “control-system capabilities,” an effort that could be extremely harmful to critical infrastructure if successful.
The hackers used emails and malicious websites in phishing campaigns to attempt to obtain credentials to access and sabotage the networks of the organizations. The staging of the campaign started with third-party vendors tied to the critical infrastructure organizations, where the hackers “housed” the malware for later use in the primary attack.
The joint report stated that the nuclear, energy, aviation, water and critical manufacturing industries, along with governmental entities, have been targeted in these staged attacks since at least May 2017, and that the attacks have been successful in compromising some of the targeted networks, including at least one energy generator. DHS said that it “has confidence that this campaign is still ongoing and threat actors are actively pursuing their objectives over a long-term campaign.”
The report provided technical descriptions of the malware used in the attacks, which some security researchers suggest are the work of Berserk Bear, which is affiliated with the Russian Federation.