Weekly Comments

11 - 18 December 2018

This week there were multiple reports of cyberattacks on critical information infrastructure sectors around the world, raising concerns about the potential damage to the national security of affected countries. These reports also raised questions about our preparedness to fend off cyberattacks by advanced persistent threat actors.

Russian hackers had broken into the IT systems of military and state institutions in western Ukraine. An unidentified threat actor had been using more than two dozen websites to mimic actual Russian critical infrastructure companies over the last three years. The BlueMushroom group targeted China in relation to APEC and other large-scale conferences. Researchers discovered that hackers had used popular spyware tools to pilfer more than 40,000 sets of login credentials for online government services, mostly from Europe. An Iran-linked APT group has been targeting the oil and gas sector in the Middle East and Europe with the third version of the Shamoon malware.

Hackers stole data from a French foreign ministry website created for citizens travelling abroad. The Charming Kitten APT group, which has links to Iran, attempted to hack into the private emails of think tank employees, nuclear scientists, and US Treasury officials who played a key role in enforcing the nuclear deal between the US and Iran. Chinese hackers hacked US Navy contractors to pilfer a tranche of information, including missile plans. Researchers also found that hackers have been using the Gootkit trojan against Italian government institutions.

Critical information infrastructure sectors are an alluring target for state-sponsored hackers because they possess highly valuable national security information that antagonistic states could use to shape foreign policy in their own favour. Financially motivated cybercriminals may sell the stolen information to antagonistic states or on the underground market. It is therefore imperative that governments prioritise the security of their critical information infrastructure sectors and keep abreast of the latest cyber threats to avoid falling prey to potential attacks.
