Agencies Publish Details of Previous Russia-Linked Cyberattacks on Energy Sector

Federal agencies have published details about past Russia-linked cyberattacks against international and U.S. energy organizations.

The Department of Energy, Cybersecurity and Infrastructure Security Agency and the FBI issued a joint cybersecurity advisory about state-sponsored cyber campaigns between 2011 and 2018.

While the advisory contains details about historical incidents, Russian state-sponsored cyber operations still threaten the U.S. energy sector today, CISA said.

The joint statement highlighted a multi-stage campaign where officers from Russia’s Federal Security Service deployed Havex malware targeting industrial control systems.

The agencies also pointed to a group of Russia-linked cyber actors who deployed TRITON malware to manipulate industrial control systems owned by an energy organization in the Middle East.

CISA Director Jen Easterly said that the tactics and mitigation steps detailed in the advisory are still relevant in the current threat environment.

Easterly advised organizations of all sizes to review the advisory and read the agency’s Shields Up page for regularly updated mitigation steps.

Some of CISA’s recommended actions include the segmentation of information technology and industrial control systems, enforcement of multi-factor authentication and the management of permissions associated with privileged accounts.

Bryan Vorndran, assistant director of the FBI’s cyber division, said the agency is committed to helping the private sector enhance its cyber capabilities well as to holding cyber criminals accountable.

In conjunction with the joint advisory, the Department of Justice also unsealed indictments against four Russian government employees charged in the two campaigns.

DOJ said that their actions affected thousands of computers at hundreds of organizations in about 135 countries.