Hacking targeting American natural gas companies was discovered on the eve of Russia's invasion of Ukraine

Immediately before Russia's invasion of Ukraine, which began on February 24, 2022, state-sponsored hackers were attacking American natural gas companies, which have a large presence as a resource-rich country except Russia. That was revealed by Bloomberg's report in the economic media.

Hackers Targeted US LNG Producers in Run-Up to Ukraine War --Bloomberg


The international community, centered on the United States, has severely criticized Russia's invasion of Ukraine, but Western countries are reluctant to impose strict economic sanctions in regions that are highly dependent on Russia's energy supply, such as Germany. The current situation is that it is hard to say that they are in line.

Regarding the energy industry, which is a key point in Western countries, Bloomberg said on March 8th, 'In mid-February, 20 major American natural gas suppliers and exporters, including

Chevron , Cheniere Energy and Kinder Morgan . It was revealed that a hacker had invaded the PCs of the above employees or former employees. '

According to Gene Yoo, CEO of Resecurity, a security company that discovered this simultaneous hacking attack, the attack targeted companies involved in the production of liquefied natural gas (LNG) , which caused Russia to invade Ukraine. By the time it started, the international energy market was already in a state of turmoil due to supply shortages.

Some of the hacks that triggered Resecurity's investigation involved Fancy Bear , a hacker group allegedly behind the General Information Bureau of the Russian Federation Army Chief of Staff .

Materials provided by Resecurity to Bloomberg show that in February alone, more than 100 PCs owned by current and former employees of 21 major energy companies were compromised. In some cases, the hacker broke into the PC himself, and in other cases, the hacker purchased the intrusion route sold on the dark web, and the hacker paid $ 15,000 (about 1.7 million yen). He pointed out that there were some cases presented.

'The hacker's trick was to use a'pre-deployed'machine, an already hacked bastion machine, to break into a corporate network that was supposed to be protected,' Yoo said. Former employees' PCs are as valuable as active employees for this type of offense, as many companies do not block remote access when they retire or leave them alone for some time after they retire. '.

The affected companies are all major energy companies that play a central role in the supply of LNG by the United States. LNG can be transported to various parts of the world by tanker, and it will be in demand from the latter half of 2021 due to the fact that fuel demand is increasing in winter and European countries are struggling to procure LNG from other than Russia. Is increasing explosively.

Resecurity has not determined that the hack was aimed at cutting off the energy supplied by the United States to Europe, but Yoo said, 'This attack was done by a state-backed hacker. I'm thinking. '

in Security, Posted by log1l_ks