Denmark Weathered Wave of Cyber Attacks on Energy Infrastructure in May, Industry Non-profit Reveals
Tuesday, November 21, 2023
The breaches exploited vulnerabilities disclosed in April, chiefly CVE-2023-28771 in Zyxel firewalls. However, the compromised energy infrastructure devices were not visible to the internet scanning tools (such as Shodan) that attackers usually rely on in the wake of a public vulnerability disclosure, which implies the attackers already knew where to look. That, together with the custom tooling and zero-day exploits observed in the attacks, leads SektorCERT to assess that advanced persistent threat groups backed by nation-states were responsible. The report specifically names Russia's Sandworm group, a highly capable unit known to be a direct part of the GRU, as one of the suspects. "Multiple" groups were reportedly involved, however, and some were less successful than others.
Dr. Ilia Kolochenko, Founder of ImmuniWeb, notes that being a suspect is not the same as a confirmation: "Attribution of attacks targeting critical infrastructure remains a highly complex, multifaceted and uncertain task. Sophisticated threat actors may purposely frame each other, as well as known hacking groups, hacktivists or even some notorious nation states. At the same time, the abundance of vulnerable devices and servers with publicly known and exploitable-in-default-configuration vulnerabilities greatly facilitates such attacks. Worse, countless bots may automatically exploit some simple vulnerabilities, creating a lot of noise in logs and making investigation a time-consuming task. Moreover, some devices have limited storage capabilities and older logs are simply unavailable. With the upcoming implementation of the NIS 2 directive, the situation shall become slightly better, but European governments will be required to allocate significantly more money to the protection of national infrastructure from cyber attacks."