This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/technology/2017/jul/18/energy-sector-compromised-state-hackers-leaked-gchq-memo-uk-national-cybersecurity-centre
The article has changed 7 times. There is an RSS feed of changes available.
Version 3 | Version 4 |
---|---|
State hackers 'probably compromised' energy sector, says leaked GCHQ memo | State hackers 'probably compromised' energy sector, says leaked GCHQ memo |
(about 17 hours later) | |
UK’s National Cybersecurity Centre warned of connections ‘from multiple UK IP addresses to state-sponsored threats’, according to reports | |
Alex Hern | |
Tue 18 Jul 2017 14.20 BST | |
Last modified on Wed 19 Jul 2017 18.31 BST | |
The UK energy sector is likely to have been targeted and probably compromised by nation-state hackers, according to a memo from Britain’s National Cybersecurity Centre. | The UK energy sector is likely to have been targeted and probably compromised by nation-state hackers, according to a memo from Britain’s National Cybersecurity Centre. |
The NCSC, a subsidiary of GCHQ, warned that it had spotted connections “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,” according to Motherboard, which obtained a copy of the document. | The NCSC, a subsidiary of GCHQ, warned that it had spotted connections “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,” according to Motherboard, which obtained a copy of the document. |
This information implies that direct connections are being made between computers in the UK’s energy sector and the attacker’s command-and-control apparatus. Both the Windows data-transfer protocol SMB, and the web backbone HTTP, were used in the connections, according to Motherboard. | This information implies that direct connections are being made between computers in the UK’s energy sector and the attacker’s command-and-control apparatus. Both the Windows data-transfer protocol SMB, and the web backbone HTTP, were used in the connections, according to Motherboard. |
“NCSC believes that due to the use of wide-spread targeting by the attacker, a number of industrial control system engineering and services organisations are likely to have been compromised,” the memo says. | “NCSC believes that due to the use of wide-spread targeting by the attacker, a number of industrial control system engineering and services organisations are likely to have been compromised,” the memo says. |
The NCSC has neither confirmed nor denied the memo is genuine. It told the BBC in a statement: “We are aware of reports of malicious cyber-activity targeting the energy sector around the globe … We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK.” | The NCSC has neither confirmed nor denied the memo is genuine. It told the BBC in a statement: “We are aware of reports of malicious cyber-activity targeting the energy sector around the globe … We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK.” |
It makes the UK the third country in the last week to note state-sponsored intrusion of its power grid. Earlier this week, the Times reported on fears that Ireland’s Electricity Supply Board was targeted by a group with ties to the Kremlin, while 18 US-based energy companies were sent phishing emails attempting to steal credentials, according to Cyberscoop. | It makes the UK the third country in the last week to note state-sponsored intrusion of its power grid. Earlier this week, the Times reported on fears that Ireland’s Electricity Supply Board was targeted by a group with ties to the Kremlin, while 18 US-based energy companies were sent phishing emails attempting to steal credentials, according to Cyberscoop. |
All the reports appear to be linked, suggesting a widespread campaign to probe energy suppliers for weaknesses, and to steal credentials which may prove useful in future attacks. It is a matter of debate whether such a campaign can itself be called an attack, since no damage has apparently been done, but it will focus attention on the risk to critical infrastructure from cyber-attacks. | All the reports appear to be linked, suggesting a widespread campaign to probe energy suppliers for weaknesses, and to steal credentials which may prove useful in future attacks. It is a matter of debate whether such a campaign can itself be called an attack, since no damage has apparently been done, but it will focus attention on the risk to critical infrastructure from cyber-attacks. |
In late June, the former chief of the National Grid, Steve Holliday, told the Guardian: “The UK stands out uniquely on cyber threats. Nowhere else is as worried as the UK about cyber threats: we are just off the scale on our energy system concerns on cyber.” | In late June, the former chief of the National Grid, Steve Holliday, told the Guardian: “The UK stands out uniquely on cyber threats. Nowhere else is as worried as the UK about cyber threats: we are just off the scale on our energy system concerns on cyber.” |
As far back as 2013, security researchers were identifying significant vulnerabilities in power grids that allowed a remote hacker to seize or take control of plant control systems, while Ukraine became one of the first countries to see the physical results of such attacks in 2016, when a blackout across western Ukraine was caused by a malware called “BlackEnergy”. | As far back as 2013, security researchers were identifying significant vulnerabilities in power grids that allowed a remote hacker to seize or take control of plant control systems, while Ukraine became one of the first countries to see the physical results of such attacks in 2016, when a blackout across western Ukraine was caused by a malware called “BlackEnergy”. |
• This article’s picture caption was amended on 19 July 2017 to clarify that Steve Holliday is the former chief of the National Grid. | • This article’s picture caption was amended on 19 July 2017 to clarify that Steve Holliday is the former chief of the National Grid. |