Russian hackers’ ‘Trojan Horse’ malware inside U.S. critical infrastructure since 2011
By Douglas Ernst - The Washington Times - Updated: 11:06 a.m. on Friday, November 7, 2014
A Russian hacking campaign against U.S. critical infrastructure has gone on since 2011 and puts hundreds of thousands of Americans at risk.
Much of the nation’s critical infrastructure has been compromised by a “Trojan Horse” malware program, which puts everything from nuclear power plants to power grids at risk, national security sources told ABC News on Thursday. The Department of Homeland Security also released a bulletin on the “BlackEnergy” malware, which is connected to Russia’s “Sandworm Team.”
In October it was revealed that Russian Sandworm hackers had spied on NATO, Ukraine and the European Union since 2009 by taking advantage of a previously unknown vulnerability in Microsoft Windows operating systems. Microsoft fixed the flaw shortly after it was disclosed jointly with the cybersecurity firm iSight Partners.
“Analysis of the technical findings in the two reports shows linkages in the shared command and control infrastructure between the [BlackEnergy and Sandworm] campaigns, suggesting both are part of a broader campaign by the same threat actor,” the DHS bulletin said, ABC reported.
The network’s sources said they believe the malware is reminiscent of “the old, Cold War playbook,” where a devastating U.S. cyberattack on Russian interests would provoke a response that would guarantee mutually assured destruction.
Russia is also believed to be behind July’s cyberattack on JPMorgan Chase & Co. that compromised the names, addresses, phone numbers and contact information of over 83 million people. The company was unable to completely shut out its attackers until August.
“It was a huge surprise that they were able to compromise a huge bank like JPMorgan,” Al Pascual, a security analyst with Javelin Strategy and Research, told the Times on Oct. 3. “It scared the pants off many people.”
Update: The Nuclear Energy Institute challenged ABC’s reporting on Friday via its Twitter account, saying that the nuclear sector “recently received classified briefing by DHS on this Russian malware campaign,” and that “U.S. nuclear plants are isolated from external networks.”