In the middle of last month, hackers gained access to the computers of current and former employees of about twenty of the largest natural gas suppliers and exporters in the United States, including Chevron, Cheniere Energy and Kinder Morgan, Bloomberg News reports.
The targeted companies specialize in the production of liquefied natural gas (LNG), and attacking them was the first step toward stealing data from a critical sector of the energy industry, said Gene Yoo, head of the Los Angeles company Resecurity, which discovered the attacks. The malicious campaign began on the eve of Russia sending troops into Ukraine on February 24.
Researchers have identified a small number of hackers, including cybercriminals associated with a wave of attacks on European organizations in 2018 by a group that Microsoft specialists named Strontium. Experts associate the Strontium group with the Main Intelligence Directorate of the Russian Federation.
Hackers posted an ad on the darknet about their willingness to buy access to the personal computers of employees of large American gas companies. The researchers managed to identify the servers belonging to the attackers and found a vulnerability in the software that allowed them to retrieve files from the computers and see what the hackers had managed to do.
Judging by these files, during a two-week blitz operation in February 2022, attackers gained access to more than 100 thousand computers belonging to employees of 21 gas companies. In some cases, the hackers broke into machines themselves; in others, they bought access to systems that had already been hacked by other cybercriminals (the cost of access to each computer was $15 thousand).
The goals of the malicious operation are unclear, but the timing coincides with serious changes in the energy industry caused by Russia's troops entering the territory of Ukraine. According to Yoo, hackers working for the government are behind the attack.
Yoo described the hackers' actions as "pre-positioning". In other words, they used hacked machines as a springboard to infiltrate corporate networks. The computers of not only current but also former employees are suitable for this purpose, since very often after dismissal they still have access to corporate networks.