Drives and Controls Magazine
FBI and DHS warn of cyber-security threat to critical sectors
Published: 21 November, 2017

The FBI (Federal Bureau of Investigation) and Department of Homeland Security (DHS) in the US have issued a warning about an “advanced persistent threat” that, since at least May 2017, has been targeting government bodies, critical manufacturing sectors, and organisations in the energy, water and aviation sectors. They say that, working with US and international partners, they have identified victims in these sectors that have been subjected to a multi-stage intrusion process which first targets low-security and small networks to gain access, and then moves on to the networks of major, high-value-asset owners.

In the alert, issued in October, the FBI and DHS report that the campaign is continuing with “threat actors actively pursuing their ultimate objectives over a long-term campaign”. There are two types of victim. The initial victims are peripheral organisations, such as trusted third-party suppliers with less secure networks. These “staging targets” are infiltrated via various means including spear-phishing emails and attacks on industrial control systems (ICSs).

The attackers then use the staging targets’ networks as pivot points and malware repositories to target their ultimate intended victims and to compromise their networks.

When they gain access to intended victims, the attackers look for files related to ICS or Scada systems, such as those containing ICS vendor names and documents with names such as “Scada wiring diagram” or “Scada panel layout”.

The FBI/DHS document (Alert TA17-293A) contains recommendations on detecting and preventing these attacks.