BlackEnergy threatens U.S. infrastructure

Investigators have discovered a potential cyber-security threat to U.S. critical infrastructure: BlackEnergy, a trojan horse found in the software that controls oil and gas pipelines, water systems, and power transmission grids in the U.S. Attackers who control BlackEnergy could use the internet to shut down pipelines, nuclear power plants, wind turbines, and water treatment plants.

The Department of Homeland Security's (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) identified the sophisticated malware, which is believed to have been inserted by hackers sponsored by the Russian government.

ICS-CERT has determined that users of HMI (human-machine interface) products from several vendors have been targeted in this campaign, including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC. It is currently unknown whether other vendors' products have also been targeted, according to DHS. ICS-CERT is working with the vendors involved to evaluate this activity and to notify their users of the linkages to this campaign.

According to DHS, the BlackEnergy campaign has been ongoing since 2011, but no attempt has been made to activate the malware to damage, modify, or otherwise disrupt affected systems. ICS-CERT officials believe that Russian intelligence agencies helped place the malware in key U.S. systems as a threat or deterrent against a U.S. cyberattack on Russian systems: mutually assured destruction from a Cold War-era playbook.

ICS-CERT has not been able to verify whether the intruders expanded access beyond the compromised HMI into the rest of the underlying control system. However, typical deployments of the malware have included modules that search out network-connected file shares and removable media for further lateral movement within the affected environment. The malware is highly modular, and not all functionality is deployed to every victim, according to DHS.
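One practical check that follows from the two paragraphs above: because the intrusions start at the HMI and the lateral-movement modules sweep network file shares, an HMI that suddenly touches shares outside its normal, small set of servers is worth an alert. The script below is an added example, not code from DHS, ICS-CERT, or the article; the log format, host names, share names, baseline and thresholds are all constructed for illustration and would be replaced by the site's own share-access logging and asset inventory.

```python
"""
Added example (not from the DHS/ICS-CERT alert or the article): flag HMI hosts
that sweep many network file shares, the lateral-movement behaviour described
for BlackEnergy.  All log lines, host names, shares and thresholds are
constructed; the record format is a simplified stand-in for real SMB
share-access logging, not any vendor's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: "<timestamp> <source host> <file server> <share name>"
SAMPLE_LOG = """\
2014-10-28T02:14:03Z hmi-01 fs-eng-01 ENGINEERING
2014-10-28T02:14:05Z hmi-01 fs-eng-01 PROJECTS
2014-10-28T02:14:06Z hmi-01 fs-ops-02 HISTORIAN
2014-10-28T02:14:08Z hmi-01 fs-ops-02 BACKUPS
2014-10-28T02:14:09Z hmi-01 fs-corp-03 SHARED
2014-10-28T02:14:11Z hmi-01 plc-gw-01 CONFIG
2014-10-28T09:00:00Z eng-ws-04 fs-eng-01 PROJECTS
2014-10-28T09:15:00Z eng-ws-04 fs-eng-01 PROJECTS
2014-10-28T10:30:00Z hmi-02 fs-ops-02 HISTORIAN
"""

# Assumed baseline (constructed): which hosts are HMIs, and the only
# (server, share) pairs each one is expected to touch during normal operation.
HMI_HOSTS = {"hmi-01", "hmi-02"}
EXPECTED_SHARES = {
    "hmi-01": {("fs-ops-02", "HISTORIAN")},
    "hmi-02": {("fs-ops-02", "HISTORIAN")},
}

WINDOW = timedelta(minutes=5)    # constructed threshold
MAX_DISTINCT_SHARES = 3          # constructed threshold


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, share) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, share = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, share))
    return events


def find_share_sweeps(events, hosts=HMI_HOSTS, window=WINDOW,
                      max_shares=MAX_DISTINCT_SHARES):
    """Return {host: shares} for monitored hosts that touched more than
    max_shares distinct (server, share) pairs inside any sliding window."""
    by_host = defaultdict(list)
    for ts, src, dst, share in sorted(events):
        if src in hosts:
            by_host[src].append((ts, (dst, share)))
    alerts = {}
    for host, recs in by_host.items():
        for i, (t0, _) in enumerate(recs):
            seen = {pair for t, pair in recs[i:] if t - t0 <= window}
            if len(seen) > max_shares:
                alerts[host] = seen
                break
    return alerts


def find_unexpected_shares(events, expected=EXPECTED_SHARES):
    """Return {host: shares} for every access outside a host's baseline set."""
    out = defaultdict(set)
    for _, src, dst, share in events:
        if src in expected and (dst, share) not in expected[src]:
            out[src].add((dst, share))
    return dict(out)


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for host, shares in find_share_sweeps(ev).items():
        print(f"ALERT sweep: {host} touched {len(shares)} shares within "
              f"{WINDOW}: {sorted(shares)}")
    for host, shares in find_unexpected_shares(ev).items():
        print(f"ALERT baseline: {host} accessed non-baseline shares "
              f"{sorted(shares)}")
```

The two checks are deliberately independent: the sweep detector needs no baseline and catches the burst of share enumeration, while the baseline detector catches a single quiet access to a share an HMI has no business opening. Because DHS notes the malware is modular and not every victim receives the lateral-movement module, a clean result from either check does not clear a host; it only says this particular behaviour was not observed.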

BlackEnergy is the same malware used by a Russian cyber-espionage group dubbed Sandworm to target NATO and some energy and telecommunications companies in Europe earlier this year. Investigators found that the two campaigns share command-and-control infrastructure, suggesting both are part of a broader campaign by the same threat actor.

ICS-CERT coordinates control systems-related security incidents and information sharing with Federal, State, and local agencies and organizations, the intelligence community, and private sector constituents, including vendors, owners and operators, and international and private sector CERTs. The focus on control systems cybersecurity provides a direct path for coordination of activities among all members of the critical infrastructure stakeholder community.
