[BreachExchange] FBI advised that hackers scanned networks of 5 US energy firms ahead of Biden’s Russia cyberattack warning

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Wed Mar 23 10:26:13 EDT 2022


https://localnews8.com/news/2022/03/22/fbi-advised-that-hackers-scanned-networks-of-5-us-energy-firms-ahead-of-bidens-russia-cyberattack-warning/

Hackers associated with Russian internet addresses have been scanning the
networks of five US energy companies in a possible prelude to hacking
attempts, the FBI said in a March 18 advisory to US businesses obtained by
CNN.

The FBI issued the notice days before President Joe Biden publicly warned
that Kremlin-linked hackers could target US organizations as the Russian
military continues to suffer heavy losses in Ukraine and as Western
sanctions on the Kremlin begin to bite.

Deputy national security adviser Anne Neuberger said during Monday’s White
House briefing that Russia had been conducting “preparatory activity” for
cyber attacks, which she said could include scanning websites and hunting
for software vulnerabilities.

The so-called “preparatory activity” that Neuberger mentioned Monday is
likely “not about espionage, it’s probably very likely about disruptive or
destructive [cyber] activity,” US Cybersecurity and Infrastructure Security
Agency Director Jen Easterly said Tuesday on a phone briefing with industry
executives and state and local government personnel, according to three
sources on the call.

There are at least 18 US companies in other sectors, such as defense and
financial services, that were subjected to the scanning, the FBI said.

There are no confirmed breaches related to the scanning, but the FBI
advisory is the latest in a chorus of warnings from US officials to
critical infrastructure operators to be on alert for potential Russian
hacking. “The magnitude of Russia’s cyber capacity is fairly consequential
and it’s coming,” Biden told business executives on Monday.

The Russia-based Internet Protocol addresses, or data that identifies a
computer, are “believed to be associated with cyber actors who previously
conducted destructive cyber activity against foreign critical
infrastructure,” the FBI said in its advisory.

“This scanning activity has increased since the start of the Russia/Ukraine
conflict, leading to a greater possibility of future intrusions,” the FBI
memo states.

CBS News first reported on the FBI advisory.

For months, the US departments of Energy, Treasury and Homeland Security,
among others, have briefed big electric utilities and banks on Russian
hacking capabilities, and urged businesses to lower their thresholds for
reporting suspicious activity.

CNN reported on February 2 that a foreign hacking group had probed the
computer networks of US electric utilities that operate liquefied natural
gas facilities.

The hacking group developed tools used in an incident that forced a Saudi
petrochemical plant to shut down in 2017, according to cybersecurity
researchers. The Treasury Department in 2020 sanctioned a Russian
government institute for its alleged involvement in that incident.

An FBI spokesperson did not respond when CNN asked whether the bureau was
referring to the same hacking group in its recent advisory.

The spokesperson said in an emailed statement: “While our standard practice
is to not comment on specific intelligence products, the FBI routinely
shares information with our law enforcement and industry partners in order
to protect the communities they serve and work with. The FBI always
encourages members of the public and private industry to be vigilant and
report anything they consider suspicious to law enforcement.”