DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

U.S. Government Details Prolonged Cyber Scheme by Russian State Actors Targeting the Energy Sector

Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Energy (DOE) issued a joint advisory providing “information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors” that targeted “U.S. and international Energy Sector organizations.” While CISA, the FBI, and DOE all responded to these campaigns “with appropriate action in and around the time they occurred,” the U.S. government determined that it was important to share information about the attacks “in order to highlight historical tactics, techniques, and procedures (TTPs) used by adversaries to target U.S. and international Energy Sector organizations.”

The joint advisory detailed two specific cyber intrusion campaigns against U.S. and international oil refineries, nuclear facilities, and energy companies. The first campaign involved Russian Federal Security Service (FSB) officers who “conducted a multi-stage campaign in which they gained remote access to U.S. and international energy sector networks, deployed [Industrial Control System (ICS)]-focused malware, and collected and exfiltrated enterprise and ICS-related data.” The second campaign involved Russian cyber actors affiliated with the Russian Federation Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) who “gained access to and leveraged TRITON (also known as HatMan) malware to manipulate a foreign oil refinery’s ICS controllers.” The actors involved in both campaigns had been charged in federal criminal indictments that were recently unsealed by the U.S. Department of Justice.

The state-sponsored campaigns used a number of common tactics and techniques, including, but not limited to, the following:

  • Spear phishing campaigns
  • Use of malicious versions of legitimate software updates on multiple ICS vendor websites
  • Data exfiltration
  • Supply chain attacks

The joint advisory also recommended various “mitigation strategies” to help potential targets protect their networks from similar attacks in the future. These mitigation strategies include the following:

  • Improving Privileged Account Management strategies
  • Setting and enforcing more secure password policies for all accounts
  • Removing or denying access to unnecessary and potentially vulnerable software
  • Increasing the use of audits of systems, permissions, insecure software, and insecure system configurations
  • Enforcing multifactor authentication, which requires users to provide two or more pieces of information (such as a username and password plus a token) to authenticate to a system

The war in Ukraine has led to an increase in cyberattacks, and experts fear that the severity and frequency of these attacks will only increase as hostilities continue. We have recently discussed this possibility in a separate article addressing cybersecurity concerns in the wake of Russia’s attack on Ukraine.

As always, it is critical to review your organization’s cyber hygiene and to take precautions to protect both your information technology (IT) and operational technology (OT) networks. As the recent joint release by the U.S. government demonstrates, this is especially relevant for organizations in the U.S. critical infrastructure sector.

About the Author: Jason G. Weiss

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics Supervisory Special Agent with more than 22 years of decorated service at the FBI to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response and compliance. View Jason's full bio on the Faegre Drinker website.

About the Author: Peter Baldwin

Peter Baldwin draws on his experience as a former federal prosecutor to counsel clients facing government investigations and cybersecurity issues. View Peter's full bio on the Faegre Drinker website.

April 26, 2022
Written by: Jason G. Weiss and Peter Baldwin
Category: Cybersecurity, International
Tags: CISA, cyberattack, Russia, TTPs, Ukraine

©2022 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.
