Are Iranian Hackers Planning An Attack On Key Oil Assets?

An infamous Iranian hacker group may be targeting industrial control systems to cause major disruptions in power grids, oil refineries, and other physical energy assets, in an apparent sharpened focus on cyber warfare on critical industries.

These attempts by Iranian hackers to infiltrate systems controlling energy assets come at a time of heightened tension between the United States and Iran and at a time of increased cyber threats to the energy industry in the United States and globally.

Iranian hacker group APT33—also known as Elfin, Refined Kitten, and Holmium—is thought to have recently shifted its focus from IT networks onto industrial control systems (ICS) that control utilities and oil refineries, among other industries, Microsoft security researcher Ned Moran tells WIRED’s senior writer Andy Greenberg.

Moran presented Microsoft’s findings at the CyberwarCon conference in Arlington, Virginia, this week. Those findings show that over the past two months the Iranian hackers have narrowed their password spraying (attempts to access a large number of accounts with a few common passwords) to around 2,000 organizations, but have increased the number of targeted accounts. According to Microsoft’s Moran, half of the top 25 organizations that the hackers try to hack are industrial control system (ICS) manufacturers and providers.

It’s unclear if the hackers have cracked any of the systems they attempted to hack. Their motivation is also unclear, but Microsoft’s Moran thinks that the ultimate goal is to try to gain access to a system in order to carry out a physically devastating attack on critical infrastructure, such as energy infrastructure.

By targeting ICS, the Iranian hackers are “trying to find the downstream customer, to find out how they work and who uses them. They’re looking to inflict some pain on someone’s critical infrastructure that makes use of these control systems,” Moran told WIRED.

Cybersecurity solutions firm Trend Micro said earlier this month that it believes the APT33 group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting against organizations in the Middle East, the United States, and Asia.

The apparent shift in the Iranian hacker group’s focus highlights the threats to critical U.S. infrastructure, including energy infrastructure, which has seen the frequency of cyberattacks increase over the past couple of years.

Last year, the same Iranian hacker group stepped up its attacks on a variety of companies in the Persian Gulf, including energy firms.

According to The National, there is wide belief that the hacker group is linked to the government in Tehran, with the attacks becoming more frequent after U.S. President Donald Trump pulled the United States out of the Iran nuclear deal.

APT33 is also believed to be responsible for the Shamoon malware attack that hit the servers of Saudi oil giant Aramco in 2012 and which returned last year with a new version.

McAfee has concluded that APT33 could be the malign actor behind the Shamoon attacks.

“After further analysis of the three versions of Shamoon and based on the evidence we describe here, we conclude that the Iranian hacker group APT33—or a group masquerading as APT33—is likely responsible for these attacks,” the McAfee Advanced Threat Research team said.

APT33, or Elfin, has been highly active in the past three years, Symantec said in March 2019, noting that the hacker group—although primarily focused on targets in Saudi Arabia—has a high interest in targets in the United States.

Meanwhile, the U.S. is looking to strengthen cyber security at critical energy infrastructure. The U.S. Department of Energy is awarding millions of US dollars in research and development of next-generation tools and technologies aimed at improving the cybersecurity of the critical American energy infrastructure, including the electric grid and oil and natural gas infrastructure.

In September, the North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) and the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) formed a partnership to improve information sharing between the organizations and their members to enhance the cyber security of North America.

Any effort to beef up cyber security is not overstated in the face of increasingly inventive cyber threats.

By Tsvetana Paraskova for Oilprice.com
