Information Security News mailing list archives

One of the "most dangerous hackers in the world"


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 24 Oct 2018 05:41:18 +0000 (UTC)

https://www.sueddeutsche.de/digital/hacker-russland-cyberangriff-1.4179866!amp

[Bing translate of German  - WK]

By Jan Lukas Strozyk and Hakan Tanriverdi
Suddeutsche Zeitung GmbH
October 23, 2018

The hackers did not waste time on trivialities. They did not spy on the office network, made no effort to divert data, did not use any software that secretly photographed the screen. This was not one of the usual espionage operations; the digital attackers pursued a different goal at the gas power plant in Saudi Arabia. They targeted safety systems that protect people and the environment. They accepted that people die.

Back in the summer of 2017, they sneaked straight into the production networks, where the plants of the gas power plant were operated.

The following cyberattack is considered one of the most dangerous in recent years. IT security experts see it as a blatant escalation of the already increasingly aggressive digital burglaries. Now there is a trail to the perpetrators. A state laboratory affiliated with the Russian military is said to have played an essential role in the preparation of the attack: the "Central Scientific Research Institute for Chemistry and Mechanics", located in Moscow. This emerges from a report by the IT security firm Fireeye to its paying customers; it is not public. The report is available to Süddeutsche Zeitung, NDR and WDR.


Enormous excitement in German security agencies

Fireeye is considered one of the market leaders in the analysis of hacker attacks. The company was commissioned by the operator of the power plant to investigate the attack. The suspected Moscow Institute is owned by the state and has existed since 1894. In the tsarist period, people started experimenting with gunpowder. Today, the laboratory has specialized in the development of military equipment. The report said that the staff of the Moscow Institute had, among other things, the task of allowing hackers to penetrate the network unnoticed.

Immediately after the attack became public knowledge in December 2017, employees of the Federal Office for Information Security (BSI) responsible for IT security met for weeks with companies in the chemical industry. After all, hundreds of industrial plants in Germany use similar security systems. The actions of the attackers in Saudi Arabia were analyzed in detail. Two sources confirmed that experts from the agency and the companies reconstructed key steps in the attack in a specially equipped test environment. In June 2018, the BSI published technical tools that help companies detect such attacks at an early stage.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
