Russian hackers came close to shutting down US energy and gas facilities

Alexander Topchy, 16:17, 14.02.23

During the first few weeks of Russia’s full-scale invasion of Ukraine, the malware was aimed at about a dozen facilities in the US.

Russia-linked hackers came very close to shutting down a dozen US energy and gas facilities in the first weeks of the war in Ukraine.

This was stated by the head of the Dragos cybersecurity company, Robert M. Lee, Politico writes. Hackers from a group that Dragos calls CHERNOVITE used malware to try to disable “about a dozen” US electricity and liquefied natural gas facilities, he said.

“We were closer than ever to having US infrastructure shut down. It (the malware – UNIAN) was not used for any of those purposes; they were not ready to ‘pull the trigger’, but they (the hackers – UNIAN) were very close,” Lee told reporters at a briefing.

The head of Dragos, which helps companies respond to cyberattacks, declined to give details about what prevented the attack, but said it was stopped by a coalition of US government and cyber-industry groups.

While the US government reported last year that a new malware called PIPEDREAM was capable of infiltrating US industrial control systems in several key sectors, Lee’s statements suggest the danger was more acute than officials disclosed.

Lee described the malware as “wartime state-level potential.” He didn’t say if the malware was actually installed on the targeted networks, or if the hackers were only close to infiltrating the systems.

While Dragos, as a matter of policy, does not attribute hacker groups to nation-states, other security researchers say the PIPEDREAM malware used by CHERNOVITE is likely linked to Russia.

Politico recalls that the US announced the discovery of the dangerous malware in April 2022, just three weeks after President Joe Biden warned that Russia was “exploring options for potential cyberattacks” against the US and urged critical infrastructure operators to step up their defenses.

According to Dragos, PIPEDREAM is the “world’s first” malware built to operate across a variety of industrial control systems rather than against one particular vendor’s product, which is what makes it particularly dangerous. It also does not enter systems through patchable vulnerabilities: it abuses the legitimate functions the plant equipment already exposes, so patching alone does not protect against it.

“You can raise the temperature, which can create unsafe conditions in the plant. There is no need to exploit anything, there is no need to find a vulnerability, when the plant is already built so that the plant environment can work,” Lee said of the impact PIPEDREAM can have.
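Because the tooling Lee describes abuses the plant’s own built-in functions rather than a vulnerability, the practical defensive check is behavioural: which hosts may write setpoints, to which tags, within which engineering limits, and how far a single write may move a value. The following Python script is an added illustration of that check, not code from Dragos or from this article; the host addresses, tag names, engineering limits, log format and the sample log itself are constructed assumptions.

```python
"""Behavioural audit of ICS setpoint writes.

Added illustration; not code from Dragos or from the article.  The article's
point is that PIPEDREAM-style tooling needs no exploit: it issues the same
setpoint writes an engineer would.  Patching therefore does not help, and the
practical check is behavioural: which hosts may write, to which tags, within
which engineering limits, and how far a single write may move a value.
Host addresses, tag names, limits and the log format are all constructed
assumptions for this example.
"""
from dataclasses import dataclass
import ipaddress

# Assumed: only these engineering workstations may issue write operations.
AUTHORIZED_WRITERS = {
    ipaddress.ip_address("10.10.1.5"),
    ipaddress.ip_address("10.10.1.6"),
}

# Assumed engineering limits per controller tag: (low, high).
SAFE_RANGES = {
    "REACTOR1.TEMP_SP": (20.0, 180.0),  # degrees C
    "PUMP2.SPEED_SP": (0.0, 1500.0),    # rpm
}

# Assumed: a single write that moves a setpoint by more than this fraction
# of its engineering range is suspicious even if the new value is in range.
MAX_STEP_FRACTION = 0.25


@dataclass
class Alert:
    line_no: int
    reason: str
    src: str
    tag: str
    value: float


def parse_line(line: str) -> dict:
    """Parse one constructed 'key=value ...' write-audit line into a dict."""
    return dict(part.split("=", 1) for part in line.split())


def audit(lines) -> list:
    """Return one Alert per policy violation found in the log lines.

    Reads are ignored; each write is checked against the writer allowlist,
    the tag's engineering limits, and the maximum single-step change relative
    to the last value written to that tag.
    """
    alerts = []
    last_value = {}
    for n, line in enumerate(lines, 1):
        f = parse_line(line)
        if f.get("op") != "write":
            continue
        src, tag, value = f["src"], f["tag"], float(f["value"])
        if ipaddress.ip_address(src) not in AUTHORIZED_WRITERS:
            alerts.append(Alert(n, "write from unauthorized host", src, tag, value))
        if tag not in SAFE_RANGES:
            alerts.append(Alert(n, "write to tag without engineering limits", src, tag, value))
        else:
            lo, hi = SAFE_RANGES[tag]
            if not lo <= value <= hi:
                alerts.append(Alert(n, "value outside engineering limits", src, tag, value))
            prev = last_value.get(tag)
            if prev is not None and abs(value - prev) > MAX_STEP_FRACTION * (hi - lo):
                alerts.append(Alert(n, "large single-step change", src, tag, value))
        last_value[tag] = value
    return alerts


# Constructed sample log: an engineering workstation makes routine writes,
# then an unexpected host (10.10.7.42) pushes the reactor temperature setpoint
# up and stops a pump, and finally an authorized host writes an out-of-range value.
SAMPLE_LOG = [
    "ts=2022-03-10T08:00:01Z src=10.10.1.5 dst=10.20.0.11 proto=modbus op=write tag=REACTOR1.TEMP_SP value=95.0",
    "ts=2022-03-10T08:00:02Z src=10.10.1.5 dst=10.20.0.11 proto=modbus op=read tag=REACTOR1.TEMP_SP value=95.0",
    "ts=2022-03-10T08:05:00Z src=10.10.1.5 dst=10.20.0.11 proto=modbus op=write tag=REACTOR1.TEMP_SP value=100.0",
    "ts=2022-03-10T08:31:17Z src=10.10.7.42 dst=10.20.0.11 proto=modbus op=write tag=REACTOR1.TEMP_SP value=170.0",
    "ts=2022-03-10T08:31:18Z src=10.10.7.42 dst=10.20.0.11 proto=modbus op=write tag=PUMP2.SPEED_SP value=0.0",
    "ts=2022-03-10T08:40:00Z src=10.10.1.6 dst=10.20.0.11 proto=modbus op=write tag=REACTOR1.TEMP_SP value=250.0",
]

if __name__ == "__main__":
    for a in audit(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.reason}: {a.src} wrote {a.tag}={a.value}")
```

Run stand-alone, the script reports five violations in the constructed log: two for the unauthorized host’s jump of the temperature setpoint, one for that host stopping the pump, and two for the authorized workstation’s out-of-range write. None of these checks depends on a signature for the malware itself; in a real plant the allowlist and limits come from the engineering baseline, which is exactly the knowledge a vulnerability-centric defence leaves unused.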

Lee told reporters he believes that because PIPEDREAM has not been successfully used against any US infrastructure, the security community has “quickly moved on” from it, but more remains to be done to protect against these hackers.

“CHERNOVITE is still active, so we are confident that they are still active and working on this system, and we expect it to be rolled out in the future,” Lee said.

(C)UNIAN 2023

One comment

  1. I wonder what our response will be to this attack. Actually, we should’ve been attacking mafia land for several years now for their incessant computer hacks. When will we get an administration that will do the right thing and destroy mafia land’s cyber world?
