The Russian government targeted US energy and other critical infrastructure facilities with cyber-attacks, according to the US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
The two organisations have issued a technical alert relating to what they say are Russian government actions targeting US government entities as well as organisations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
The alert also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by cyber actors on compromised networks.
The two organisations believe the cyber-attacks are part of a multi-stage intrusion campaign by Russian government cyber actors.
They say small commercial facilities’ networks were targeted with malware and spear phishing, which provided remote access into energy sector networks.
“After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to industrial control systems (ICS),” according to the alert.
“Analysis by DHS and FBI resulted in the identification of distinct indicators and behaviours related to this activity,” it adds.
DHS and the FBI believe targets were chosen deliberately and, once access was gained, threat actors conducted reconnaissance operations within the network.
According to the alert, in many cases the threat actors accessed workstations and servers on a corporate network that contained data output from control systems within energy generation facilities.
They accessed files pertaining to ICS or supervisory control and data acquisition (SCADA) systems, copying profile and configuration information to access them.
“This campaign has affected multiple organisations in the energy, nuclear, water, aviation, construction, and critical manufacturing sectors.”
The alert follows yesterday’s news that the Trump administration has imposed sanctions on a series of Russian organisations and individuals.