The Department of Homeland Security and the FBI issued a joint alert last week:
“Russian government cyber actors” have been targeting U.S. critical infrastructure sectors, including energy, nuclear and commercial facilities, since at least March 2016.
This alert is not about just another data breach. It describes nation-state-sponsored cyber warfare, and the attackers are now targeting the energy sector (e.g., the power grid), trying to kill the lifeline of every citizen. Russia has done this before in Ukraine, and it is well documented. Recently, North Korea was almost successful in targeting an Indian nuclear plant. This seems to be the beginning of a new norm in a complex information era.
The following techniques are being used:
- spear-phishing emails (from a compromised legitimate account),
- watering-hole domains,
- credential gathering,
- open-source and network reconnaissance,
- host-based exploitation, and
- targeting industrial control system (ICS) infrastructure.
- Domain Controllers
- File Servers
- Email Servers
- Power Grids
Read more in the document below, including how the cyber activity happens in different stages.
Read General Best Practices Applicable to this Campaign.