logo
logo

US energy, nuke and aviation sectors under sustained attack

avatar
Alberto Mcgovern
img

The United States' Department of Homeland Security has issued an alert that warns of “advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.”

The alert says an unknown actor has been at it since May 2017 and has compromised some networks.

Compiled with the help of the FBI, the alert also acknowledges Symantec's September 2017 report on attacks labelled 'Dragonfly', and says “The threat actors appear to have deliberately chosen the organizations they targeted, rather than pursuing them as targets of opportunity.

Staging targets held preexisting relationships with many of the intended targets.”

The attackers “are seeking to identify information pertaining to network and organizational design, as well as control system capabilities, within organizations.” The alert adds “the threat actors focused on identifying and browsing file servers within the intended victim’s network [and] viewed files pertaining to ICS or Supervisory Control and Data Acquisition (SCADA) systems.

Based on DHS analysis of existing compromises, these files were originally named containing ICS vendor names and ICS reference documents pertaining to the organization (e.g., “SCADA WIRING DIAGRAM.pdf” or “SCADA PANEL LAYOUTS.xlsx”).”

collect
0
avatar
Alberto Mcgovern
guide
Zupyak is a free content platform for publishing and discovering stories, software and startups.