Russian Hackers Targeting Oil and Gas Companies
Russian hackers have been systematically targeting hundreds of Western oil and gas companies, as well as energy investment firms, according to private cybersecurity researchers.
The motive behind the attacks appears to be industrial espionage — a natural conclusion given the importance of Russia’s oil and gas industry, the researchers said.
The manner in which the Russian hackers are targeting the companies also gives them the opportunity to seize control of industrial control systems from afar, in much the same way the United States and Israel were able to use the Stuxnet computer worm in 2009 to take control of an Iranian nuclear facility’s computer systems and destroy a fifth of the country’s uranium supply, the researchers said.
The Russian attacks, which have affected over 1,000 organizations in more than 84 countries, were first discovered in August 2012 by researchers at CrowdStrike, a security company in Irvine, Calif. The company noticed an unusually sophisticated and aggressive Russian group targeting the energy sector, in addition to health care, governments and defense contractors.
The group was named “Energetic Bear” because the vast majority of its victims were oil and gas companies. And CrowdStrike’s researchers believed the hackers were backed by the Russian government given their apparent resources and sophistication and because the attacks occurred during Moscow working hours.
In addition to basic hacking techniques, like sending mass emails containing malicious links or attachments, the group infected websites frequented by energy workers and investors in what is known as a “watering hole attack.”