The U.S. Cyber Emergency Response Team (US-CERT) issued an alert on March 15, “Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors” – Alert TA18-074A. It wasn’t necessarily an aha moment for those in the information security profession, but the level of detail provided within the alert served to goose Main Street USA and garnered its seemingly undivided attention (even if only for one 24-hour news cycle). The Russians have been busy in the realm of espionage.
The US-CERT alert detailed how, over the past two years, the Russians have been systematically coming at the U.S. energy sector, both providers and suppliers. Their efforts, according to the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), were focused on establishing a beachhead with trusted third-party suppliers that had “less secure networks” and then pivoting to exploit the trusted access between that supplier and the intended target—in this case, energy suppliers.
In a nutshell, the US-CERT points to three areas of primary concern:
- Domain Controllers
- File Servers
- Email Servers
“After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS),” according to the alert.
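The pattern the alert describes, one foothold touching the three asset classes it singles out, is something a defender can look for in authentication logs. The following is an added illustration, not code from the alert or from US-CERT: it parses a constructed, simplified export of Windows Security event 4624 (successful logon) records and flags any account/source pair that makes network logons to two or more distinct high-value categories (domain controller, file server, email server). The log format, the host inventory and the allowlist are all assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the alert): simplified Windows
# Security event 4624 (successful logon) records as a SIEM might export them.
# Fields: timestamp, event id, logon type, account, source host, destination host.
SAMPLE_LOGONS = """\
2018-03-10T08:01:12 4624 type=3 user=svc_vendor src=VENDOR-LAPTOP01 dst=DC01
2018-03-10T08:01:40 4624 type=3 user=svc_vendor src=VENDOR-LAPTOP01 dst=FS01
2018-03-10T08:02:05 4624 type=3 user=svc_vendor src=VENDOR-LAPTOP01 dst=MAIL01
2018-03-10T08:05:00 4624 type=2 user=jdoe src=WS-ACCT-07 dst=WS-ACCT-07
2018-03-10T08:06:31 4624 type=3 user=jdoe src=WS-ACCT-07 dst=FS01
2018-03-10T08:07:10 4624 type=3 user=backup_svc src=BACKUP01 dst=FS01
2018-03-10T08:07:11 4624 type=3 user=backup_svc src=BACKUP01 dst=FS01
"""

# Hypothetical asset inventory mapping hosts to the three categories the
# alert names. In a real environment this comes from the CMDB or AD.
HIGH_VALUE_HOSTS = {
    "DC01": "domain controller",
    "FS01": "file server",
    "MAIL01": "email server",
}

# Hypothetical sources that legitimately make network logons to high-value
# systems (e.g. backup infrastructure) and should not be flagged.
ALLOWLISTED_SOURCES = {"BACKUP01"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\d+) type=(?P<type>\d+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)


def parse_logons(text):
    """Parse the constructed log format into a list of dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def find_lateral_fanout(events, threshold=2):
    """Return (user, src) pairs that made network logons (logon type 3) to at
    least `threshold` distinct high-value categories, with the sorted categories.

    One source reaching a domain controller, a file server and a mail server in
    quick succession is the reconnaissance/lateral-movement pattern the alert
    describes; an ordinary workstation or service account rarely does all three.
    """
    touched = defaultdict(set)  # (user, src) -> set of categories reached
    for e in events:
        if e["event"] != "4624" or e["type"] != "3":
            continue  # only successful network logons are of interest here
        if e["src"] in ALLOWLISTED_SOURCES:
            continue
        category = HIGH_VALUE_HOSTS.get(e["dst"])
        if category:
            touched[(e["user"], e["src"])].add(category)
    return {
        key: sorted(cats)
        for key, cats in touched.items()
        if len(cats) >= threshold
    }


if __name__ == "__main__":
    hits = find_lateral_fanout(parse_logons(SAMPLE_LOGONS))
    for (user, src), cats in hits.items():
        print(f"ALERT: {user}@{src} reached {len(cats)} high-value categories: {', '.join(cats)}")
```

On the sample data only the vendor account from the vendor laptop is flagged: the regular user touches a single file server and the backup host is allowlisted. In practice the threshold, the inventory and the allowlist are the tuning knobs; a time window around the logons would further cut noise, since the alert's activity is characterised by reconnaissance that fans out across these systems in short order.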
....
....