Private cyber security researchers have determined that Russian hackers are targeting Western oil and gas companies. These hackers are also going after investment firms specializing in energy. The hackers are being called "Energetic Bear" (energy hacks + Russian bears = Energetic Bear.) The hacks being performed allow the hackers to take control of the industrial control system, an impressive and dangerous feat.
It appears that the hackers are looking to hurt the competitors of their own nation's biggest industry. Security firm CrowdStrike believes Energetic Bear may even be backed by the Russian government, due to the wealth of their resources and sophistication of their attacks. Additionally, it appears Energetic Bear works standard Moscow business hours.
So far, the attacks have affected over 1,000 companies in 84 countries over the last two years. Beyond phishing, Energetic Bear infects websites that energy industry employees often visit, a tactic known as a "water hole attack." This allows the hackers to install malicious software onto a frequently visited website, and therefore gain access inside the computer network. This form of attack is done very carefully, with the hackers using encryption to make their tracks difficult to trace. The attacks have been getting progressively more aggressive, as well.
While the attacks are certainly brutal, Kevin Haley, director of the security response team at Symantec, told The New York Times "there was no evidence the Russian group intended to use its toehold in some networks to inflict damage, like blowing up an oil rig or power facility." The hackers, instead, are looking to learn the strategies and operations of the energy companies.
This article is from the archive of our partner The Wire.