

North Korea Has Built A Team Of Hackers That Could Hit US Power Grids

By ohomen171   2018 Mar 4, 7:02am

#North Korea Hackers: North Korea has built a team of hackers that could hit U.S. power grids
The West should be concerned, security experts said.

North Korean hackers have been accused of orchestrating some of the most high-profile cyber attacks of recent years — including the WannaCry ransomware attack that infected 200,000 computers across 150 countries. Now Pyongyang’s state-backed hackers are shifting focus to critical infrastructure, such as nuclear power plants and oil refineries, according to researchers at Dragos cybersecurity firm.
The latest threat comes from hacking group “Covellite,” which was spun out of the state-backed hacker group Lazarus, known for allegedly conducting some of the most high-profile cyber attacks of recent memory.
Researchers from Dragos said they were able to link the new group to Pyongyang because the hackers used many of the same cyber weapons and servers tracked in the attack on Sony Pictures in 2014. Dan Gunter, the company’s principal threat analyst, told VICE News that the shift in focus towards critical systems marked an escalation from Pyongyang:

“The hackers are now starting to look at industrial control systems, or get into that space, and that is worrisome.”

Industrial control systems are the points at which the cyber world meets the physical one. Because of their efficiency, they are increasingly used across major industries and in some of the most critical infrastructures around the world. These systems do everything from controlling nuclear power plants to monitoring electrical grids and oil fields. Recently hackers have started to exploit their vulnerabilities.

Dragos says it analyzed 163 new security vulnerabilities that appeared in industrial-control components in 2017. It found that 61 percent of them would likely cause “severe operational impact” if exploited in a cyberattack.

The vulnerability of these systems was most nakedly exposed in Ukraine, where a Russian-linked group of hackers shut off the power to hundreds of thousands of users in December 2016, in what security experts viewed as a stark warning of the hacking wars to come.

Under the shadow of its nuclear missile program, North Korea has ramped up the size and sophistication of its cyber army in recent years. Given the level of sophistication the Lazarus group has demonstrated, researchers now worry the elite hacking group will share its techniques with Covellite, the team targeting critical systems in the West.

Dragos first spotted the North Korean group’s activity in September 2017, when they conducted a highly-targeted attack against an unnamed U.S. electric company.

The hackers used carefully-tailored emails to trick employees of the electric company into downloading malware, a tactic that Gunter said has grown common in these types of attacks.

“These attackers are not just shooting it out, they are actually looking at local topics to build their phishing messages around,” Gunter said, saying the group is also looking at targets in Europe.

Darien Huss, a researcher at cybersecurity firm Proofpoint, believes it’s only a matter of time before more sophisticated attacks are launched on these industrial control systems.

“Repeated attacks and continued innovation from this group have been used to target other industries, including the financial sector,” said Huss. “Therefore it would not be surprising to see this level of sophistication aimed at ICS-related organizations.”

Proofpoint, which also tracks North Korea’s hacking efforts, said they have not observed any new attacks against critical infrastructure targets by the Covellite group since September 2017.

Observers paying close attention to Western infrastructure's glaring vulnerabilities continue to point to the attack on Ukraine as the road flare for this nascent threat. Yet unlike those who attacked Ukraine, this new breed of North Korean hackers hasn’t attracted much attention to date. That’s mainly because they haven’t conducted any attacks that have caused destruction to the systems they infiltrate.

“It could be they are gaining access to have the option to perform attacks one day, should they choose to,” Chris Doman, a security researcher at AlienVault, told VICE News. “That's the route that Russian hackers took — the Department of Homeland Security warned of them gaining access to power companies a full two years before the actual attacks started.”

1   WookieMan   2018 Mar 4, 10:17am

ohomen171 says
critical infrastructure, such as nuclear power plants and oil refineries, according to researchers at Dragos cybersecurity firm.

Sure, it's not impossible, but I have a hard time believing mission critical infrastructure in these systems (nuclear plants or refineries) is just "connected" to the internet. There should be no "work from home" employees at a nuke plant, so not sure why any of their systems would need to be on a network connected to public internet. I know there are way more tech guys here than me, so why would a nuke plant have any mission critical computer connected to something that can be accessed from outside?

Seems like a lot of cyber security firms just trying to get press if you ask me. Shoot me down if I'm wrong as this isn't a field I fully understand.
2   rocketjoe79   2018 Mar 4, 2:26pm

We are also at fault here - remember Stuxnet?
I visit plants all the time, and many are getting connected - it's about cost. So there is surely a threat, one hopes the "authorities" are taking this shit seriously and hardening or physically firewalling critical systems. Anything computerized can be hacked, if connected, or penetrated by various soft methods. DoD was hacked when someone found a planted USB drive that contained malware and plugged it in to see what it contained. F35 plans completely compromised, probably with Chinese honeypot assistance. Russians and Chinese use the DPRK, Iran and others as proxies to fight their cyberwars. We have 80K people in the Navy alone in Cyber Command! Lots of resources on both sides.
