{"id":3092,"date":"2017-07-10T13:44:00","date_gmt":"2017-07-10T20:44:00","guid":{"rendered":"https:\/\/zed.inguardians.com\/?p=3092"},"modified":"2019-08-19T13:41:39","modified_gmt":"2019-08-19T20:41:39","slug":"dhs-fbi-warn-of-attacks-against-us-energy-manufacturing-companies-and-employees","status":"publish","type":"post","link":"https:\/\/zed.inguardians.com\/brief\/dhs-fbi-warn-of-attacks-against-us-energy-manufacturing-companies-and-employees\/","title":{"rendered":"DHS &#038; FBI warn of attacks against US energy &#038; manufacturing companies and employees"},"content":{"rendered":"<h5 class=\"et_pb_toggle_title\">DHS &amp; FBI warn of attacks against US energy &amp; manufacturing companies and employees<\/h5>\n<div class=\"et_pb_toggle_content clearfix\">\n<div>\n<p><strong>Issue<\/strong><br \/>\nDHS and the FBI released a<a href=\"https:\/\/www.inguardians.com\/tlp\/\"> TLP:AMBER<\/a> report warning US energy sector and manufacturing companies about ongoing cyber operations. \u00a0These operations include sophisticated physical and cyber attacks, as well as activities targeting employees and operators with the aim of infiltrating air-gapped networks.<\/p>\n<p><strong>Impact<\/strong><br \/>\nOur customers in the energy sector have seen scanning and attacks increase in the last month, but one interesting twist about the report is the targeting\u00a0of individual employees in order to infiltrate secure networks.\u00a0 Many details regarding the attacks are now known to the public, in part because an irresponsible organization\u00a0shared a TLP:AMBER report with the press. \u00a0The approach of going after operators and employees to target secure networks is reminiscent of how GHCQ hacked into Belgicom\u2019s NOC.<br \/>\nThis warning comes almost one month since Robert Lee and his team at Dragos released their research on the \u00a0CRASHOVERRIDE malware, along with ESET\u2019s analysis of Industroyer.\u00a0Keep in mind that Robert Lee will be presenting details on CRASHOVERRIDE at Black Hat in just a few weeks.<\/p>\n<p><strong>Recommendations<\/strong><br \/>\nYour key operations and security staff should be trained in operational security (opsec). Include physical security\u00a0tests and targeting specific roles and personnel as\u00a0part of your routine security assessments.<\/p>\n<p><strong>Additional Resources<\/strong><\/p>\n<p>News regarding recent hacking of nuclear plant:<\/p>\n<\/div>\n<ul>\n<li><a href=\"https:\/\/www.nytimes.com\/2017\/07\/06\/technology\/nuclear-plant-hack-report.html\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.nytimes.com\/2017\/07\/06\/technology\/nuclear-plant-hack-report.html<\/a><\/li>\n<li><a href=\"http:\/\/thehill.com\/policy\/cybersecurity\/340938-russians-suspected-to-be-behind-hacks-of-nuclear-plant\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/thehill.com\/policy\/cybersecurity\/340938-russians-suspected-to-be-behind-hacks-of-nuclear-plant<\/a><\/li>\n<\/ul>\n<div>CRASHOVERRIDE:<\/div>\n<ul>\n<li><a href=\"https:\/\/dragos.com\/blog\/crashoverride\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/dragos.com\/blog\/crashoverride\/<\/a><\/li>\n<li><a href=\"https:\/\/dragos.com\/blog\/crashoverride\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.blackhat.com\/us-17\/briefings.html#industroyer-crashoverride-zero-things-cool-about-a-threat-group-targeting-the-power-grid<\/a><\/li>\n<\/ul>\n<div>Historical piece on GCHQ targeting Belgicom employees:<\/div>\n<ul>\n<li><a href=\"https:\/\/theintercept.com\/2014\/12\/13\/belgacom-hack-gchq-inside-story\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/theintercept.com\/2014\/12\/13\/belgacom-hack-gchq-inside-story\/<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>DHS &amp; FBI warn of attacks against US energy &amp; manufacturing companies and employees Issue DHS and the FBI released a TLP:AMBER report warning US energy sector and manufacturing companies about ongoing cyber operations. \u00a0These operations include sophisticated physical and cyber attacks, as well as activities targeting employees and operators with the aim of infiltrating [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[169],"tags":[111,112,113],"_links":{"self":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3092"}],"collection":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/comments?post=3092"}],"version-history":[{"count":1,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3092\/revisions"}],"predecessor-version":[{"id":3093,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3092\/revisions\/3093"}],"wp:attachment":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/media?parent=3092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/categories?post=3092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/tags?post=3092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}