Core router compromised in DragonFly 2.0 attacks on critical infrastructure
March 31, 2018
Seid Yassin

Cylance researchers say a core router was compromised in cyberattacks against energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors that the U.S. has accused Russia of carrying out.

Cylance researchers said the discovery’s significance far outweighs its size, given that core router compromises are considerably harder to detect, analyze, patch, and remediate than compromises of PCs, according to a March 16 blog post.

On March 15, the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) took the unusual step of issuing an alert fingering the Russian government for targeting U.S. critical infrastructure with cyberattacks.

The U.S. agencies unveiled a “multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks,” the alert said. Once they obtained access, “the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).”

This was the first time the U.S. government has publicly attributed this sort of attack to the Russians.

Cylance researchers said the targeting of this infrastructure is a serious and worrisome discovery because once exploited, vulnerabilities in core infrastructure such as routers are not easily closed or remediated.

Source | scmagazine