Cyberattacks against industrial players, providers of critical infrastructure and facilities, and energy corporations – whether oil, natural gas, or renewable energy – are frequently not motivated by a desire to make quick cash. One of their primary goals is to steal information or disrupt systems in order to cause real disruption.
The cyber attack on Colonial Pipeline, the largest US fuel provider, is only one example of the supply chain damage that digital attacks may cause. However, further investigation finds that only two known hackers are responsible for more than half of all attacks.
While the US fuel pipeline supplier briefly shut down its services to investigate the cyber attack, fuel panic spread across the United States. Another American firm, JBL, was targeted in a similar attack and paid an $11 million ransom, which was not sufficient to prevent supply chain delays and reduce market uncertainty.
Cyberattacks directed at the industrial sector and led by Advanced Persistent Threat (APT) groups are often political in nature.
While tensions between Russia and Ukraine are at an all-time high, and Russia is being accused of continued cyberattacks, the Kremlin continues to deny any role in the operations. Russia has already been blamed for a cyber attack on Ukraine in 2015, during which the country’s electrical grid was shut down.
This year’s Dragos report on threats to industrial control systems (ICS) and operational technology (OT) uncovered three new industrial hacker groups. According to ZDNet.com, the three new hacker groups are Kostovite (active since 2021), Petrovite (active since 2019) and Erythrite (active since at least 2020).
Kostovite has targeted institutions in North America and Australia; Petrovite has focused on mining and energy businesses in Kazakhstan; and Erythrite has targeted various organizations in the U.S. and Canada, including oil and gas organizations, infrastructure, and power companies.