'[ISN] One of the "most dangerous hackers in the world"'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] One of the "most dangerous hackers in the world"
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2018-10-24 5:41:18
Message-ID: alpine.DEB.2.20.1810240541000.9150 () ip-172-30-0-239 ! ec2 ! internal
[Download RAW message or body]

https://www.sueddeutsche.de/digital/hacker-russland-cyberangriff-1.4179866!amp

[Bing translate of German  - WK]

By Jan Lukas Strozyk and Hakan Tanriverdi
Suddeutsche Zeitung GmbH
October 23, 2018

The hackers did not waste time on trivialities. They did not spy on the 
office network, made no effort to divert data, did not use any software 
that secretly photographed the screen. This was not one of the usual 
espionage operations, the digital attackers pursuing a different goal at 
the gas power plant in Saudi Arabia. They have targeted safety systems 
that protect people and the environment. They accepted that people die.

Back in the summer of 2017 , they sneaked straight into the production 
networks. Where the plants of the gas power plant were operated.

The following cyberattack is considered one of the most dangerous in 
recent years. IT security experts see it as a blatant escalation of the 
already increasingly aggressive digital burglaries. Now there is a trail 
to the perpetrators. A state laboratory affiliated to the Russian military 
is said to have played an essential role in the preparation of the attack: 
the "Central Scientific Research Institute for Chemistry and Mechanics", 
located in Moscow. This is from a report by the IT security firm Fireeye 
to their paying customers out - he is not public. The report is available 
Süddeutscher Zeitung, NDR and WDR.


Enormous excitement in German security agencies

Fireeye is considered one of the market leaders in the analysis of hacker 
attacks. The company was commissioned by the operator of the power plant 
with the investigation of the attack. The suspected Moscow Institute is 
owned by the state and has existed since 1894. In the tsarist period, 
people started experimenting with gunpowder. Today, the laboratory has 
specialized in the development of military equipment. The report said that 
the staff of the Moscow Institute had, among other things, the task of 
allowing hackers to penetrate unnoticed in the network.

Immediately after the attack became public knowledge in December 2017, 
employees of the Federal Office for Information Security (BSI) responsible 
for IT security met for weeks with companies in the chemical industry. 
After all, hundreds of industrial plants in Germany use similar security 
systems. The actions of the attackers in Saudi Arabia were analyzed in 
detail. Two sources confirmed that experts from the agency and the 
companies have reconstructed key steps in the attack in a specially 
equipped test environment. In June 2018, the BSI publishes technical tools 
that help companies detect such attacks at an early stage.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic