Russian Hackers Successfully Phished Hundreds of U.S. Companies Last Year

Robinson+Cole Data Privacy + Security Insider

The Department of Homeland Security (DHS) has indicated that Russian hackers targeted the energy, nuclear, aviation and critical manufacturing sectors through targeted phishing campaigns throughout 2017 and were successful.

According to DHS, the coordinated attack started in 2016 with one compromise that was dormant for a year until other infiltrations occurred. The hackers targeted real people by downloading open-source information such as photographs on company websites and other publicly available information, and then tricked employees into entering passwords onto spoofed websites. The hackers were then able to use the passwords to access and compromise corporate systems. Vendors of these sectors were also successfully targeted.

This is an old trick by an old cyber adversary. The targeted companies ranged from small companies with limited cybersecurity measures to large companies with very sophisticated cybersecurity defenses. The fundamental similarity was that the attacks were all successful because employees of the companies were tricked into providing their passwords for access.

Although the Russians had the ability to cause mass blackouts as a result of the successful phishing campaign, they chose not to do so because they appeared to be “more focused on reconnaissance.”

According to DHS, the hackers chose their targets methodically, obtained access to the systems, conducted reconnaissance and then tried to cover their work by deleting evidence of the intrusions.

Critical infrastructure, including the energy and manufacturing sectors, will continue to be targeted, and it is imperative that employees are aware of the methodical targeting and have tools to combat these sophisticated targeted phishing schemes, including education and awareness, software tools and support from IT and management.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider