Phil Neray comments below, as part of our experts' comments series, on reports (Wired, NY Post) from a cyber research forum in Washington DC that the Russian “Energetic Bear” hacking group is still actively probing U.S. power grid critical infrastructure.
Phil Neray, VP of Industrial Cybersecurity at CyberX:
“Adversaries don’t usually install footholds in enemy territory unless they plan to eventually launch an attack. Energetic Bear has been active in our critical infrastructure since at least 2014, when they injected Havex malware into software downloads from industrial automation vendors, giving them direct access to industrial control systems in a range of industries from energy to chemicals to pharmaceuticals. Infecting software downloads is also the same technique that Russian threat actors used to spread NotPetya, which caused billions of dollars in damage to industrial firms worldwide — so it’s clear they aren’t afraid of causing massive chaos when they decide it’s time to make it happen.”