The UK cybersecurity authority National Cyber Security Centre (NCSC) has issued a warning about hackers targeting the country’s energy sector, and says that some industrial control system organizations are likely to have been successfully compromised, according to a copy of the document obtained by Motherboard.
“The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,” a section of the warning reads.
The activity is also targeting other sectors, with a focus on engineering, industrial control, and water sector companies. This recent wave of activity started around June 8, according to the report.
The document adds that it is likely hackers have managed to break into at least some of the targets’ systems.
“NCSC believes that due to the use of wide-spread targeting by the attacker, a number of Industrial Control System engineering and services organisations are likely to have been compromised,” another section of the warning reads. The report says that these organizations are part of the supply chain for UK critical national infrastructure, and some are likely to have remote access to critical systems.
An NCSC spokesperson told Motherboard in an email, “We are aware of reports of malicious cyber activity targeting the energy sector around the globe. We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK.”
The motivation behind these hacking attempts is unclear. As the report mentions, state-sponsored hackers have previously targeted the energy sector for espionage, or for preparation of conflict.
These UK intrusions appear to be part of a broader campaign across multiple countries and continents.
“Previous Russian intrusions focused on critical infrastructure have targeted the US and the West simultaneously. We have found evidence that this actor has targeted Turkey and Ireland and suspect that their activity is even broader,” said John Hultquist, an analyst at cybersecurity firm FireEye.
“Targeted intrusions into civilian infrastructure is only increasing and only becoming more worrisome.
However, panic over these incidents would likely be premature. Lee pointed to a 2014 hacking campaign that targeted US and European infrastructure, but with specially tailored malware, rather than the other techniques in this case.
“Both are concerning but we are not to the point where tailored activity by the adversary is setting off alarm bells. At this point we must accept the threat is real but there is no real threat to safety,” Lee added.
Increasing attacks on the energy supply have been a topic of discussion for some time. The problem with “increasing” is that one can only really say in hindsight how strongly something has increased if the end point is not known beforehand. The danger is that at some point the reports are no longer taken seriously, because nothing truly dramatic has ever happened. That brings us back to the turkey illusion with its abrupt end. The main question is therefore whether we could cope with far-reaching outages, whatever their cause. As with the control system malfunction of 2013, there does not always have to be a malicious or destructive intent behind it. When the wrong things coincide, small causes in complex systems can quickly lead to far-reaching or even devastating effects.