Cyberattacks targeting computer control operators at U.S. energy facilities have risen sharply over the past two years, as a sophisticated hacking group attempted to gain a foothold in networks that run the nation’s critical infrastructure, a recent cybersecurity analysis shows.
A highly skilled and likely well-funded group of hackers has launched an ongoing campaign of online attacks against U.S. energy, nuclear, water, aviation and manufacturing operations since at least March 2016, primarily using spear-phishing emails and watering-hole attacks against administrators and engineers with access to industrial control systems, according to an analysis by iDefense, the cyber-threat intelligence division of Accenture Securities.
The nature of the attacks implies the group, which iDefense calls “Black Ghost Knifefish,” has tried to figure out how to manipulate vital control systems and test the response of federal authorities if they were to launch an attack aimed at disrupting operations or damaging facilities, said Jim Guinn, global lead of Accenture’s natural resources cybersecurity practice.
“They’re gaining access to our systems,” Guinn said. “They’re able to test our response.”
For the U.S. energy industry, vital assets include refineries, power plants, petrochemical facilities, pipelines and drilling rigs.
In private reports prepared for cybersecurity clients and shared with the Houston Chronicle, iDefense, which has tracked the sophisticated hacking group for about two years, said the online assaults against U.S. companies were almost certainly successful because operators lacked proper security measures such as network segmentation and basic firewall implementations, among other common lapses.
The firm said the hacking group has gained access to U.S. systems with increasing frequency and is “very likely to continue” prying into operational networks. The hacking campaign, it said, is likely an attempt to establish a “backdoor” into industrial controls “with the intended goal of having the capability to disrupt, degrade or destroy the production of those” critical infrastructure and key resources assets,…