Hackers could have infiltrated the UK's energy grid, GCHQ's National Cyber Security Centre (NCSC) has said. The authority warns that some firms' industrial control systems are likely to have been successfully compromised - and nation-state hackers are the likely culprits.
At the same time as the NCSC issued its warning (in a document obtained by Motherboard), The Times carried a story about Russian government-backed hackers attacking the energy sector in the Republic of Ireland using phishing emails. Although the original NCSC report does not mention Russia by name, attacks on Ireland could have been used to gain access to the UK's energy grid.
The attacks are thought to be part of a wider campaign, which has so far targeted companies in the USA and Turkey, as well as Ireland. The NCSC said, 'We are aware of reports of malicious cyber activity targeting the energy sector around the globe... We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK.'
Harmful activity began last month, around the 8th June, and has affected sectors such as engineering, industrial control and water. It is likely that some systems have been successfully hacked, 'due to the use of wide-spread targeting by the attacker.'
'The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,' the report says. Specifically, the infrastructure in targeted organisations is connecting to known malicious IP addresses using the data transfer protocol SMB, as well as HTTP.
A separate report, from the FBI, mentions hackers using spear phishing emails to steal victims' credentials and map out network drives. 18 energy companies in the USA were said to have been targeted, according to one source.
Robert M. Lee, founder and CEO of industrial control system security firm Dragos, told Motherboard, "We are not to the point where tailored activity by the adversary is setting off alarm bells. At this point we must accept the threat is real but there is no real threat to safety."
FireEye analyst John Hultquist said earlier this month that the global attacks on energy companies are likely to have been carried out by the same group, whose movements were first seen in 2015.
Russia was also blamed for one of the most serious infrastructure hacks to date, when an attack on a Ukrainian energy company in late 2015 left large parts of the country without power.