We have already covered the time a group of hackers attempted to poison a water purification plant in Florida, noting how often the security of highly sensitive computer systems receives no attention at all. Now here we go again: this time the subject is hacker attacks on electricity distribution networks, which have involved (and have involved for several years) both Europe and the USA.
Specifically, Dragos has published its annual report on the state of security of industrial control systems. The report names four foreign hacker groups alleged to have (successfully) targeted critical infrastructure.
One example is the hacker group known as Sandworm, also known as Unit 74455, which is technically a Russian military cyber unit. The team is believed to be behind several more or less well-known attacks: the cyber attack on Ukraine's electricity grid in December 2015, the 2017 cyber attacks against Ukraine using Petya malware, and the cyber attack on the opening ceremony of the 2018 Winter Olympics.
Hacker attacks on power grids that affect much of the world
These attacks highlight several weaknesses in the computer systems underlying many important organisations, governmental and otherwise.
However, the group that deserves more attention is Kamacite. The report describes this group as a "strategic partner" of Sandworm and the GU, the intelligence service of the Russian Armed Forces.
Specifically, according to Dragos, Kamacite has supported Sandworm by providing it with several access points into sensitive networks, thus allowing it to carry out attacks on sensitive systems.
The two groups would therefore act in synergy, dividing the work of breaking into computer systems between them. It seems that Kamacite has repeatedly targeted US electricity distribution companies, but not only those: oil, gas and other industrial companies have been targeted as well, since as far back as 2017.
“It is very unlikely that Kamacite's action is aimed solely at gathering information. These Kamacite attacks are dangerous because, thanks to their connections with entities like Sandworm, they can cause devastating effects.”
Dragos ties Kamacite to power grid intrusions not only in the United States but also to European targets, going well beyond the attacks seen in Ukraine. Take, for example, a hacking campaign against the German electricity sector in 2017:
"There have been a couple of successful intrusions between 2017 and 2018 by Kamacite of industrial circles in Western Europe."
The cybersecurity firm adds further details. The main intrusion tools used by Kamacite appear to be classic spear-phishing e-mails carrying a malware payload, with which the group obtains access to Microsoft cloud-based services such as Office 365 and Active Directory, as well as to virtual private networks. Once the group has access, that's it: it exploits valid user accounts to maintain a presence on the network and uses tools such as Mimikatz to harvest credentials in order to obtain sensitive data and manipulate resources.
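One defensive check that follows from the Mimikatz step described above, as an added example that is not from the article or from Dragos: a small Python detector that parses Sysmon Event ID 10 (ProcessAccess) records and flags any non-allowlisted process that opens lsass.exe with memory-read rights, the access pattern credential-dumping tools need. The field names follow Sysmon's ProcessAccess event; the log lines, paths and the allowlist are constructed assumptions for this example.

```python
import re

# PROCESS_VM_READ bit of the Windows process access mask: needed to read LSASS memory.
# A mask of only 0x1000 (PROCESS_QUERY_LIMITED_INFORMATION) is normal background noise;
# masks that include 0x10, such as 0x1010 or 0x1FFFFF, are the ones worth reviewing.
PROCESS_VM_READ = 0x0010

# Constructed allowlist of images that legitimately open LSASS with read access
# (an assumption for this example; build your own from a baseline of the fleet).
ALLOWED_SOURCES = {
    r"c:\windows\system32\svchost.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Constructed sample records, flattened to one "Key=Value Key=Value" line each.
SAMPLE_EVENTS = r"""
EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000 User=NT AUTHORITY\SYSTEM
EventID=10 SourceImage=C:\Users\jdoe\AppData\Local\Temp\invoice.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010 User=CORP\jdoe
EventID=10 SourceImage=C:\Program Files\Windows Defender\MsMpEng.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1FFFFF User=NT AUTHORITY\SYSTEM
EventID=10 SourceImage=C:\Windows\Temp\x.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1FFFFF User=CORP\jdoe
EventID=1 Image=C:\Windows\System32\notepad.exe User=CORP\jdoe
"""

# Each value runs until the next " Key=" token or the end of the line (values may contain spaces).
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

def parse_event(line):
    """Turn one flattened Sysmon record into a dict of field name -> value."""
    return {k: v for k, v in FIELD_RE.findall(line.strip())}

def is_suspicious_lsass_access(event):
    """True for Event ID 10 records where a non-allowlisted image reads lsass.exe memory."""
    if event.get("EventID") != "10":
        return False
    if not event.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return False
    granted = int(event.get("GrantedAccess", "0"), 16)
    if not granted & PROCESS_VM_READ:
        return False
    return event.get("SourceImage", "").lower() not in ALLOWED_SOURCES

def find_alerts(log_text):
    """Return (source image, user, granted access) for every suspicious record."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if is_suspicious_lsass_access(event):
            alerts.append((event["SourceImage"], event["User"], event["GrantedAccess"]))
    return alerts

if __name__ == "__main__":
    for source, user, mask in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT: {source} (as {user}) opened lsass.exe with {mask}")
```

On the sample above the two flagged records are the Temp-directory executables run as the ordinary user; the svchost.exe query with 0x1000 and the allowlisted Defender engine are left alone.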
"Many groups are appearing and not many will leave – In three or four years, I feel we are about to peak, and that will be an absolute catastrophe."