Story image

Germany infiltrated by Russian group that crippled Ukraine’s power

09 May 18

In modern global countries, electricity goes without saying – it’s just there.

But news has emerged that reveals it’s not quite as secure as you might think. One of the largest daily newspapers in Germany (Süddeutsche Zeitung, also known as SZ) published an article last week that claimed Russian threat actors had "infiltrated the networks of at least two energy providers in Germany."

The article was confirmed by three independent sources and also attests that the Russian group in question is the same one that attacked the Ukrainian power grid in 2015 and 2016, known as Sandworm.

In the Ukraine case, hackers managed to breach the computer systems of a number of power operators to effectively cut the supply to the city, making it one of the most effective hacking cases the world has ever seen – so well choreographed in fact that experts asserted only a government could be behind it.

The same hackers apparently succeeded in penetrating the networks of at least two German energy providers in the summer of 2017, albeit in the early stages.

CyberX industrial cybersecurity VP Phil Neray says this news shows that Russian threat actors have expanded their critical infrastructure targets beyond the Ukraine – and beyond the U.S. – to include western Europe.

“It's not surprising given Russia's stated strategy of leveraging cyber to exert its geopolitical muscle on the global stage. The recent FBI/DHS alert confirmed that Russian cyberattackers have successfully compromised U.S. critical infrastructure since at least 2016,” says Neray.

“Industrial control networks are notoriously insecure. According to CyberX's ‘Global ICS & IIoT Risk Report,’ which analysed traffic data from 375 production industrial control networks worldwide, 60% of industrial sites are still using plain-text passwords and 3 of 4 are still running outdated versions of Windows like Windows XP and Windows 2000.”

In terms of how we can prevent these attacks from happening to critical infrastructure, Neray is adamant.

“Industry best practices suggest that continuous monitoring with behavioral analytics is a key way to identify and stop these attacks during the early cyber reconnaissance stage – before attackers can launch more destructive or disruptive attacks like the ones we've seen in both the Ukraine and Saudi Arabia,” Neray concludes.

The possibilities and potential implications of a hacked power grid are infinite as aforementioned, we have come to rely on it as always being there. Due to the increasing networking of modern power systems, cybercriminals could not only disrupt the supply but also selectively damage it.

Without electricity there would be no trains, no ATMS, no water, no heating or flushing… the list goes on.