May 2, 2024 at 08:09AM
US, Canada, and UK government agencies issue recommendations to safeguard critical infrastructure from pro-Russia hacktivists’ attacks on industrial control and operational technology systems. The attacks targeted sectors like water systems, dams, energy, and agriculture, primarily through vulnerable human-machine interfaces. Hackers with ties to the Russian government’s Sandworm group pose physical threats, prompting heightened security measures.
Key Takeaways:
1. Government agencies from the US, Canada, and the UK are providing recommendations to critical infrastructure organizations following a series of attacks by apparent pro-Russia hacktivists against industrial control systems (ICS) and operational technology (OT) systems.
2. Hacktivist groups have been attempting to compromise ICS and OT systems in North America and Europe, particularly targeting sectors such as water and wastewater systems, dams, energy, and food and agriculture.
3. Hackers have mainly targeted internet-exposed human-machine interfaces (HMIs), taking advantage of default passwords and outdated VNC software.
4. The new alert was prompted by recent attacks in which pro-Russia hacktivists manipulated HMIs, disrupting water pumps and blower equipment in water and wastewater systems.
5. Threat actors claimed to be pro-Russia hacktivists have also targeted the water sector in France, suggesting that they had attacked a hydroelectric power plant when they had actually targeted a small mill.
6. The government agencies warn that while most observed activity caused only “nuisance effects,” the hackers “are capable of techniques that pose physical threats against insecure and misconfigured OT environments”.
7. Google Cloud’s Mandiant suggested that the ‘hacktivists’ linked to the ICS attacks appear to be tied to a highly sophisticated hacking unit of the Russian government, specifically Sandworm (APT44).
8. The fact sheet includes recommendations for network defenders, OT device manufacturers, and targeted organizations.