Hackers are believed to be targeting the UK’s energy sector, and some industrial control systems have likely been compromised, according to a recent report from the UK’s National Cyber Security Centre, part of the UK’s intelligence agency GCHQ.
Because the activity was also reported in other sectors, such as public water and other engineering-based areas, it is seen as part of a widespread attack. With some of these companies being part of the UK’s supply chain for critical infrastructure, the report says attackers may have access to other critical systems as well.
“The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,” according to the report. “NCSC believes that due to the use of wide-spread targeting by the attacker, a number of Industrial Control System engineering and services organizations are likely to have been compromised.”
The attack wave is estimated to have started around June 8, but there is no attribution as to who might be behind it or why they’re attacking. While similar incidents have been recorded in the past, the report mentions that affected systems send credentials to attacker-controlled IP addresses using the SMB and HTTP protocols.
While there’s currently no mention of the attack vector used to compromise the industrial systems, the mention of the SMB protocol – the one exploited in the WannaCry and GoldenEye ransomware outbreaks – could imply that the same type of vulnerability is being exploited. However, similar attacks on critical US infrastructure have been attributed to Russian hackers sending spearphishing emails.
“We are aware of reports of malicious cyber activity targeting the energy sector around the globe,” said an NCSC spokesperson. “We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK.”