Saturday Bonus Issue: U.S. Sanctions Russian Research Institute for Potentially Deadly Petrochemical Plant Cyberattack

Saturday Bonus Issue: U.S. Sanctions Russian Research Institute for Potentially Deadly Petrochemical Plant Cyberattack

Russia's Energetic Bear is blamed for a string of past high-profile cyberattacks on top of recent state and local government breaches, Louisiana National Guard called in to help with cyberattacks


The U.S. government imposed sanctions against Russia’s State Research Center of the Russian Institute of Chemistry and Mechanics, an organization called “the most dangerous threat activity publicly known” by some cybersecurity researchers, for a potentially deadly cyberattack on an unnamed Saudi petrochemical facility in 2017, likely Petro Rabigh, the Saudi oil giant. The Center conducted its attack by developing malware called Triton or Trisis that shut off the safety systems that are used to prevent an explosion. After the attack on Petro Rabigh, private investigators caught the same group targeting energy companies in Northern Europe and hunting for ways to gain access to more than two dozen utilities in the U.S. As a result of the sanctions, the U.S. will freeze any U.S. assets or properties held by the research center and people connected to it. Anyone who does business with them will be exposed to similar punishment. (Nicole Perlroth / New York Times)

Related: Homeland Security Today, New York Times, Homeland Security Today, Dark Reading, TASS, The Hill: Cybersecurity, Al Jazeera English, ZDNet Security, Threatpost, Cyberscoop, STL.News, CNN.com - Politics, States News Today

Russia’s Energetic Bear Hacking Group Is Responsible for String of Cyberattacks on Power Grid, Water Facilities, Airport Wi-Fi Systems

Energetic Bear, the Russian hacking group that has surveilled dozens of state and local governments successfully breaching two of them in the run-up to this year’s election, has committed other serious cyberattacks over the past five years including breaching the U.S. power grid, water treatment facilities, and even nuclear power plants including one in Kansas. The group also hacked into Wi-Fi systems at San Francisco International Airport and at least two other West Coast airports in March in an apparent effort to find a single traveler. However, the September attacks on the local governments are the first time researchers have caught the group. (Nicole Perlroth / New York Times)

Related: Security Affairs

Louisiana National Guard Called to Stop Cyberattacks on Small Government Offices

The Louisiana National Guard was called in to stop a series of cyberattacks aimed at small government offices across the state in recent weeks, according to two sources. Experts investigating the situation discovered a remote access trojan, or RAT, known as KimJongRat that is associated with North Korean government hackers, according to a source. It’s possible however that another threat actor simply re-used the RAT’s code. Although staff at several government offices in northern Louisiana were successfully compromised, the attack was stopped before any real damage was done. (Christopher Bing / Reuters)

Related: Threatpost,  POLITICO,  Slashdot

Other Infosec Developments

  • U.S. ski and golf resort operator Boyne Resorts, which operates eleven properties in the U.S. and Canada, has suffered a cyberattack by the WastedLocker operation that has impacted company-wide reservation systems. The reservation systems for the resorts are down and expected to be inoperable for a few days. (Lawrence Abrams / Bleeping Computer)
  • U.S. Customs and Border Protection (CBP) is refusing to tell Congress what legal authority the agency is following to use commercially bought location data to track Americans without a warrant, according to the office of Senator Ron Wyden (D-OR). As a consequence, Wyden and a group of his fellow Democratic senators asked the DHS Office of the Inspector General (DHS OIG) to investigate CBP's warrantless domestic surveillance of phones, and determine if CBP is breaking the law or engaging in abusive practices. (Joseph Cox / Motherboard)
  • Microsoft, in collaboration with eleven organizations including MITRE, IBM, NVIDIA, and Bosch, has released a new open framework Adversarial ML Threat Matrix that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. The initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting ML systems. (Ravie Lakshmanan / The Hacker News)Related: IT Pro, The Daily Swig, Microsoft
  • Nvidia issued a fix for several high severity flaws in its GeForce Experience software to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service (DoS) state on systems running unpatched software. (Sergiu Gatlan / Bleeping Computer) Related: Bleeping Computer, eTeknixThomas Rid, professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies, has this great op-ed on whether the Hunter Biden laptop “scandal” is a Russian disinformation operation. His conclusion: “We must treat the Hunter Biden leaks as if they were a foreign intelligence operation — even if they probably aren’t.” Photo by Markus Winkler on UnsplashJoseph Cox has this excellent long-form investigative piece on Vince Ramos, the founder of Phantom Secure, which aimed to be the “Uber of privacy-focused, luxury-branded phones” until the FBI started to investigate the company as an organized crime outfit. There’s a 34-minute audio version of the story too. Photo by Jay Heike on UnsplashShare Metacurity

Read more