State hackers ‘probably compromised’ energy sector, says leaked GCHQ memo

The UK energy sector is likely to have been targeted and probably compromised by nation-state hackers, according to a memo from Britain’s National Cybersecurity Centre.

The NCSC, a subsidiary of GCHQ, warned that it had spotted connections “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,” according to Motherboard, which obtained a copy of the document.

This information implies that direct connections are being made between computers in the UK’s energy sector and the attacker’s command-and-control apparatus. Both the Windows data-transfer protocol SMB, and the web backbone HTTP, were used to in the connections, according to Motherboard.

“NCSC believes that due to the use of wide-spread targeting by the attacker, a number of industrial control system engineering and services organisations are likely to have been compromised,” the memo says.

The NCSC has neither confirmed nor denied the memo is genuine. It told the BBC in a statement: “We are aware of reports of malicious cyber-activity targeting the energy sector around the globe … We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK.”

It makes the UK the third country in the last week to note state-sponsored intrusion of its power grid. Earlier this week, the Times reported on fears that Ireland’s Electricity Supply Board was targeted by a group with ties to the Kremlin, while 18 US-based energy companies were sent phishing emails attempting to steal credentials, according to Cyberscoop.

All the reports appear to be linked, suggesting a widespread campaign to probe energy suppliers for weaknesses, and to steal credentials which may prove useful in future attacks. It is a matter of debate whether such a campaign can itself be called an attack, since no damage has apparently been done, but it will focus attention on the risk to critical infrastructure from cyber-attacks.

In late June, the former chief of the National Grid, Steve Holliday, told the Guardian: “The UK stands out uniquely on cyber threats. Nowhere else is as worried as the UK about cyber threats: we are just off the scale on our energy system concerns on cyber.”

As far back as 2013, security researchers were identifying significant vulnerabilities in power grids that allowed a remote hacker to seize or take control of plant control systems, while Ukraine became one of the first countries to see the physical results of such attacks in 2016, when a blackout across western Ukraine was caused by a malware called “BlackEnergy”.


comments powered by Disqus