Thursday, December 7, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • How Data Ingestion Works in SOAR
  • Merry and Cyber Resilient: Are Holiday Bots Actually Helping Your Business?
  • DEF CON 31 - Dan Petro’s, David Vargas’ ‘Badge Of Shame Breaking Into Secure Facilities With OSDP’
  • News alert: Reflectiz adds AI-powered capabilities to its Smart Alerting web threat management system
  • CISA to Developers: Adopt Memory Safe Programming Languages
Security Bloggers Network 

Home » Security Bloggers Network » Russian Hacking Campaign Targeting U.S. Electric Utilities

SBN

Russian Hacking Campaign Targeting U.S. Electric Utilities

by David Bisson on July 24, 2018

Homeland security officials said that individuals working for Russia are currently targeting electric utilities located in the United States.

AI on ActionSponsorships Available

The Department of Homeland Security told The Wall Street Journal that persons working for a state-sponsored hacking group called “Dragonfly” or “Energetic Bear” compromised “hundreds of victims” in 2017. They did so through the use of spear-phishing techniques and watering hole attacks designed to steal users’ passwords. With those credentials, they gained access to the networks of suppliers of many U.S. electric utilities. They then stole information that allowed them to infiltrate the utilities themselves. Once inside, they reportedly had the ability to cause blackouts, meaning they would have had access to the control centers themselves.

“They got to the point where they could have thrown switches” said Jonathan Homer, chief of industrial-control-system analysis for DHS.

But Robert M. Lee, CEO and Founder of the industrial cyber security company Dragos, Inc., said on Twitter that some of the language used by the DHS to describe the campaign is misleading.

And language such as “throwing switches” and noting it would cause “black outs” is in no way representative of what was seen in these intrusions. In these cases the adversary was taking screenshots of HMIs.

— Robert M. Lee (@RobertMLee) July 24, 2018

This isn’t the first time homeland security officials warned of Russian actors targeting power companies. In March 2018, DHS and the Federal Bureau of Investigation (FBI) publicly blamed Russia for attempting to hack U.S. energy infrastructure. They said that campaign also attempted to compromise suppliers’ networks before hacking into the power companies themselves.

Investigators cited by The Wall Street Journal said it’s unclear whether Dragonfly conducted this latest campaign in preparation for a larger attack. As a result, DHS said it intends to hold four briefings (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/off-topic/russian-hacking-campaign-targeting-u-s-electric-utilities/

July 24, 2018July 24, 2018 David Bisson electric, Hacking, Off Topic, Russia
  • ← UK university domains spoofed in massive fraud campaign targeting suppliers
  • Hackers breach Singapore’s largest healthcare provider; steal records of 1.5 million patients, including the Prime Minister →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Mon 11

How Boundless Software Accelerated Customer Onboarding With Calico Cloud and Amazon EKS

December 11 @ 11:00 am - 12:00 pm
Mon 11

API Security

December 11 @ 1:00 pm - 2:00 pm
Thu 14

AWS Immersion Day: Securing Your Infrastructure-as-Code With Snyk and HashiCorp

December 14 @ 1:00 pm - 3:00 pm
Tue 19

Best Practices to Secure and Protect Modern Software Applications

December 19 @ 9:00 am - 10:00 am
Feb 12

Ransomware

February 12, 2024 @ 1:00 pm - 2:00 pm
Mar 11

Securing Open Source

March 11, 2024 @ 1:00 pm - 2:00 pm
May 20

Zero-Trust

May 20, 2024 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

Limiting Remote Access Exposure in Hybrid Work Environments
23andMe Finally Admits: 6.9 MILLION Users’ PII Breached
Exposed Hugging Face APIs Opened AI Models to Cyberattacks
P2PInfect Botnet Is Now Targeting MIPS-Based IoT Devices
Russian-Backed Hackers Target High-Value US, European Entities
Application Security Trends & Challenges with Tanya Janca
2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks
Kubernetes Security: Sensitive Secrets Exposed
Top Characteristics of a QR Code Phishing Email
“Do Not Push To Production” And Other Insecure Code, Demonstrated By An Ethical Hacker

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

CISA to Developers: Adopt Memory Safe Programming Languages
Cybersecurity Data Security DevOps Endpoint Featured Industry Spotlight Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Vulnerabilities 

CISA to Developers: Adopt Memory Safe Programming Languages

December 7, 2023 Jeffrey Burt | Yesterday 0
Dragos Offers Free OT Security Tools to Small Utilities
Cloud Security Cybersecurity Data Security DevOps Featured Industry Spotlight IoT & ICS Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence 

Dragos Offers Free OT Security Tools to Small Utilities

December 7, 2023 Jeffrey Burt | Yesterday 0
Use Windows 10? You Must PAY for Security
API Security Application Security AppSec Cybersecurity Data Privacy Data Security Editorial Calendar Endpoint Featured Humor Industry Spotlight IoT & ICS Security Malware Most Read This Week Network Security News Popular Post Ransomware Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Security Challenges and Opportunities of Remote Work Software Supply Chain Security Spotlight Threats & Breaches Vulnerabilities 

Use Windows 10? You Must PAY for Security

December 6, 2023 Richi Jennings | 1 day ago 0

Top Stories

CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency
Application Security Cloud Security Cybersecurity Data Security Identity & Access Malware Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency

December 6, 2023 Jeffrey Burt | 1 day ago 0
Russian-Backed Hackers Target High-Value US, European Entities
Cybersecurity Data Security DevOps Industry Spotlight IoT & ICS Security Malware Network Security News Security Boulevard (Original) Social - X Social Engineering Spotlight Threat Intelligence 

Russian-Backed Hackers Target High-Value US, European Entities

December 6, 2023 Jeffrey Burt | 1 day ago 0
Survey Surfaces Wasted Efforts Collecting Cybersecurity Data
Analytics & Intelligence Cybersecurity Data Security Featured Governance, Risk & Compliance Network Security News Security Boulevard (Original) Social - X Spotlight Threats & Breaches Vulnerabilities 

Survey Surfaces Wasted Efforts Collecting Cybersecurity Data

December 6, 2023 Michael Vizard | 1 day ago 0

Security Humor

Randall Munroe’s XKCD ‘Space Typography’

Randall Munroe’s XKCD ‘Space Typography’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.

Cloud Workload Resilience PulseMeter

Step 1 of 8

12%
How do you define cloud resiliency for cloud workloads? (Select 3)(Required)
  • Smaller, self-contained microservices fail independently without impacting overall availability.
  • Containerized software provides isolation and consistency, making it easier to scale and recover from failure.
  • Stateless design patterns increase scalability and can fail independently without impacting other parts of cloud applications.
  • Serverless design pattern allows events to initiate the operation of the discrete functions as needed.
  • Cloud-native architecture significantly influences the resiliency of cloud-deployed applications.
  • Cloud-native architecture provides limited or no resiliency improvement.
How important is improving the resiliency of cloud workloads for your organization in 2024? (Select 1)(Required)
Which of the following do you use to improve the resiliency of cloud workloads? (Select all that apply)(Required)
  • Distribute workloads
  • Portable workloads across multiple cloud providers
  • Move some workloads to the edge
  • Kubernetes clusters for failover and load distribution
  • Stateless software design
  • Increased security posture
  • Setting meaningful and achievable resiliency goals
What are the most significant challenges to improving the resiliency of cloud workloads or cloud-native applications? (Select all that apply)(Required)
How much of your cloud workload is cloud-native today? (Select 1)(Required)
What is your business or organization's size (# employees)? (Select 1)(Required)