Hackers Have Likely Compromised UK’s Energy Sector – GCHQ Warns of More Attacks
The UK Government Communications Headquarters (GCHQ), Britain's intelligence agency, has warned that the country's energy sector is being targeted by hackers. Some of these industrial control system organizations may have already been successfully compromised. The agency has made this claim following the discovery of "connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors."
A copy of a National Cyber Security Centre (NCSC) memo, obtained by Motherboard and then confirmed by the BBC, shows that the country's cybersecurity agency has issued a warning claiming that "a number of Industrial Control System engineering and services organisations are likely to have been compromised." NCSC is the cybersecurity division of the kingdom's intelligence agency, the GCHQ.
It isn't clear from the memo whether the agency is certain of these successful compromises; it might just be talking about the probability of success. If too many departments were attacked, some of the attacks could have succeeded. The attacks - which appear to be phishing - have been targeting the energy sector, along with engineering, industrial control, and water sector companies since June 8.
Report follows FBI's warning that hackers were targeting UK energy firms
This memo closely follows the warning that the US government issued to businesses last month about state-sponsored hackers targeting nuclear and energy firms. The US agency had said that hackers were using spear phishing emails to send malicious Word documents in order to steal victims' credentials.
While the NCSC hasn't said if it has also detected phishing attacks, an earlier report by The Times suggests that military hackers had sent phishing emails to trick engineers at an Irish energy organization.
The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors.
It is unclear who is launching these attacks or what the motivation is. The report itself mentions that the state-sponsored hackers have also previously targeted the energy sector for espionage. As several analysts have noted previously, most of the cyber-advanced countries infiltrate critical systems to have the means to respond to a potential enemy when required.
However, Russia keeps getting mentioned by most of the Western intelligence agencies. While the NCSC memo doesn't mention Russia or any other country or intelligence agency, The Times' source has implicated Russia.
Two people familiar with the investigation say that, while it is still in its early stages, the hackers' techniques mimicked those of the organization known to cybersecurity specialists as "Energetic Bear," the Russian hacking group that researchers have tied to attacks on the energy sector since at least 2012.
NCSC has confirmed the legitimacy of this memo in a statement to the media. "We are aware of reports of malicious cyber activity targeting the energy sector around the globe," an agency spokesperson wrote. "We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK."