Feds warn about cyberattacks on energy, industrial firms

The Department of Homeland Security and the Federal Bureau of Investigation issued a joint statement on Friday warning of an increased danger posed to infrastructure sectors by a malicious “multi-stage intrusion campaign,” which the agencies warned had successfully compromised several of their security networks. 

The analysis points to cyberattack campaigns going on since at least May of 2017 that the agencies said have been targeting the aviation, energy and nuclear industries. 

{mosads}

The agencies did not name any specific networks that had been compromised by the attacks. 

Hackers reportedly used emails and malicious websites in a phishing campaign to obtain the credentials necessary to access and sabotage the networks.

According to the report, the campaigns first focus on “staging targets,” third-party and peripheral organizations tied to the primary targets which hackers then use to house their malware for attacks.

The agencies said that the hackers were targeting the company-controlled sites of specific agencies, to access information on equipment and organizational designs and “control-system capabilities” that could be used to further harm the organizations. 

The new revelations of hacking attempts represent an escalation of initial threats identified by the agencies in an earlier report provided to Reuters in June, which identified a narrower set of nefarious activity targeting energy, nuclear and manufacturing sectors.