US government warns of hackers targeting energy, industrial firms
23 Oct 2017
The US government has issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, which point to cyber attacks presenting an increasing threat to the power industry and other public infrastructure, according to commentators.
The Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted as also government entities, in attacks dating going back to May.
According to the agencies, hackers had succeeded in compromising some targeted networks, but they did not identify specific victims or describe any cases of sabotage.
The report added that the objective of the attackers was to compromise organisational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets.
The activity has been under the radar of US authorities for months, which was initially detailed in a confidential June report, first reported by Reuters.
That document, privately distributed to firms at risk of attacks, described a narrower set of activity focused on the nuclear, energy and critical manufacturing sectors.
''The technical alert provides recommendations to prevent and mitigate malicious cyber activity targeting multiple sectors and reiterated our commitment to remain vigilant for new threats,'' Department of Homeland Security spokesman Scott McConnell said.
According to the joint report, the phishing campaign targeted two types of victims - staging and intended targets. Hackers first launch attacks against "staging targets", which include third-party and peripheral organisations that are tied to the primary targets and have less secure networks.
The staging targets are then used by the threat actors as "pivot points and malware repositories" to attack the primary companies.
According to the DHS, threat actors are seeking access to specific information regarding the targeted companies' equipment and organisational designs and "control system capabilities" in order to infiltrate and harm the firm's networks.
