electric grid (23)

12403148060?profile=RESIZE_400xThe attached US DHS CISA fact sheet provides an overview for executive leaders on the urgent risk posed by People’s Republic of China (PRC) state-sponsored cyber actors known as “Volt Typhoon.”  CISA—along with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other US government and international partners1—released a major advisory on 7 February 2024, in which the U.S. authoring agencies warned cybersecurity defenders that Volt Typhoon has been pre-positioning t


  • December 2022: Rifle fire damages two electrical substations in Moore County, North Carolina, cutting power to more than 40,000 customers. Neither the attackers or their motives have been identified.
  • February 2023: A man and a woman, one an avowed neo-Nazi, are charged with conspiracy to take down Baltimore’s power grid through attacks on electrical substations, to cause chaos in that Maryland city.
  • April 2023: Scandinavian authorities warn that Russia is using “ghost ships” disguised as fishi

12310780081?profile=RESIZE_400xThe reliability and security of the power grid have become increasingly important topics in recent years.  With the dependence on electricity growing and new threats emerging, it is crucial to ensure that our lights stay on, especially for critical infrastructure like the military.  This article explores the risks the power grid faces and the potential consequences if it were compromised.

Research and Reporting:  According to industry experts, the power grid is vulnerable to both physical and cy

12224657682?profile=RESIZE_400xHackers attacked the national power grid of an unspecified Asian country earlier this year using malware typically deployed by personnel connected to China’s government, researchers said last week.  Cybersecurity company Symantec declined to attribute the incident to China but pointed to a group it tracks as RedFly.  The group compromised the network for as long as six months, stealing credentials and targeting multiple computers, the researchers said.

The malware, known as ShadowPad, also has b

12148353455?profile=RESIZE_400xWith his electric Kia EV6 running low on power, an EV driver pulled into a bank of fast-chargers near Terre Haute, Indiana, to plug in.  As his car powered up, he peeked at nearby chargers.  One in particular stood out.  Instead of the businesslike welcome screen displayed on the other Electrify America units, this one featured a picture of President Biden pointing his finger, with an “I did that!” caption.  It was the same meme the president’s critics started slapping on gas pumps as prices soa

11151738884?profile=RESIZE_400xResearchers have uncovered malware designed to disrupt electric power transmission that may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids.

Known as CosmicEnergy, the malware has capabilities that are comparable to those found in malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm, the name of one of Russia’s most skilled and cutthroat hacking groups.  Sand

10921868685?profile=RESIZE_400xSomeone or some group is attacking the US electrical power grid.  Specifically in the Seattle, WA area which comes after a series of similar incidents elsewhere in the Pacific Northwest as well as in Florida.  And law enforcement has never caught the guy who attacked the electrical grid down in North Carolina earlier in December 2022.  These were physical attacks which involved alleged shooting up power substation.[1]  As evident, these are physical attacks, not even cyber-attacks.

Shooting with

10733059301?profile=RESIZE_400xActivity Summary - Week Ending on 29 July 2022:

  • Red Sky Alliance identified 25,992 connections from new IP’s checking in with our Sinkholes
  • Hetzner 10x
  • Analysts identified 309 new IP addresses participating in various Botnets
  • Ransomware UpDate
  • Adversary-in-the-Middle - AiTM
  • South Africa under Attack
  • Mercenary Spyware
  • T-Mobile
  • US Electric Grid
  • Kherson Ukraine

Link to full report: IR-22-210-002_weekly210.pdf

10732911664?profile=RESIZE_400xIn the past five (5) years there has been a wide-ranging espionage operation in which more than 150 companies were targeted to be hacked in Germany alone: especially in the area of critical infrastructure companies.  Specifically, the hackers sought out electricity and water supply systems.  After years of investigation, the Germany’s State Criminal Police Office of Baden-Württemberg succeeded in identifying one of the suspected perpetrators: Pawel A.

This state backed hacker is said to belong t

10675689695?profile=RESIZE_400xThe Infrastructure Investment and Jobs Act,[1] as passed by the US Congress in November 2021, authorizes $7.5 billion to help meet US President Joe Biden's goal of installing 500,000 electric vehicle charging stations by 2030.  Biden aims to have EVs represent half of all new vehicles being sold in the US by 2030.  But as the number of stations increases, the number of vulnerabilities does as well.

For the past several years, hackers have been busy targeting their cyber-attacks at electrical sys

10513781884?profile=RESIZE_400xThere is serious legal reasoning that cyber-attacks against a nation’s critical infrastructure could be reasoned as a war crime.[1]  The University of California (UC), Berkeley Human Rights Center’s recent recommendations for war crime charges against the Sandworm hacking group, which was sent to the International Crimes Commission (ICC) before some of the most recent cyberattacks fully came to light, single out Sandworm’s two blackout attacks in 2015 and 2016 for legal and practical reasons: Sa

10438487083?profile=RESIZE_400xWhite hat hackers recently won $40,000 for cracking a system used by most major industrial companies, including the ones that manage our power grids, and they told MIT Technology Review it was extremely easy.  The challenge was to hack industrial control systems, specifically the hardware and software used to control power grids, water treatment facilities, and other critical infrastructure. 

Because so many people rely on this infrastructure, hackers can ask for and receive large ransoms in exc

10012032279?profile=RESIZE_400xActivity Summary - Week Ending on 14 January 2022:

  • Red Sky Alliance identified 24,345 connections from new IP’s checking in with our Sinkholes
  • Microsoft IP’s in UK and N. Ireland hit
  • Analysts identified 1,435 new IP addresses participating in various Botnets
  • Rook Ransomware
  • More Log4j
  • Ukraine Cyber Bust
  • UK NHS
  • Who’s Winning?
  • Google Docs
  • The Electric Grid’s Hot Wires
  • BLM suing LAPD

Link to full report: IR-22-014-001_weekly014.pdf

9933098252?profile=RESIZE_400xThe US and the UK have ‘quietly’ sent cyber warfare experts to Ukraine to help sabotage any cyber warfare threats like that in the 2015 Ukraine power grid hack when Russian hackers remotely took over a power company’s control center.  It was the first publicly international acknowledged attack using digital weaponry that attacked the Ukrainian power grid, causing power outages across the country.  In the hopes of protecting the Ukraine, as the US and allies speculate the next move of Russia, bot

9788180259?profile=RESIZE_400xWith the ability to largely secure critical infrastructure from ground level attacks and a current strong focus on cybersecurity, a potential new attack vector from the air is being presented with the wide availability of citizen drones.

Originally reported through Popular Mechanics[1] who obtained reports in a 28 October 2021 US government bulletin, media describes a crashed drone found on the roof of a building next to a Pennsylvania substation in July 2020.  Experts believe the drone was like

9088943900?profile=RESIZE_400x"They went after our gas and they went after our hot dogs.  No one is out of bounds here. Everyone is in play here," warned Christopher Krebs, former director of cybersecurity at Department of Homeland Security.  From natural phenomena to cyberattacks like the massive SolarWinds operation and recent attack on the Colonial Gas Pipeline, security experts warn it is clear that most businesses and key infrastructure like power grids across this country are pitifully unprepared to meet such threats.

8925521275?profile=RESIZE_400xCritical infrastructure in any country relies on energy sources and transmission for proper and safe national operations.  A direct cyber shot was delivered to the US oil and gas industry, allegedly by a Russian criminal group known as DarkSide.  DarkSide is suspected in the ransomware attack that shut down the US-Georgia based Colonial Pipeline, which immediately created fuel shortages to cars, trucks and the airline industry. 

This pipeline attack now has other energy sector officials on edge

8895950496?profile=RESIZE_400xThe current US administration is introducing a 100-day plan to improve cybersecurity and address cyber threats across the nation's electrical grid.  Officials state the program is part of a broader cybersecurity plan designed to address issues across the nation's critical infrastructure.

The 100-day initiative will involve government agencies that are responsible for the security of critical infrastructure as well as businesses and private utilities that oversee or own infrastructure, such as el

8759297281?profile=RESIZE_400xUS Lawmakers and security experts have expressed disappointment that US President Joe Biden’s $2.25 trillion infrastructure plan does not include funding to protect vital facilities against the growing threat of cyberattacks.  This infrastructure package failed to provide money to defend critical systems, such as the US power grid, against hackers, according to media sources last week.  “Any critical infrastructure modernization must take cybersecurity into account from the start,” said the OT d

8574928466?profile=RESIZE_400xActivity Summary - Week Ending 19 February 2021:

  • VW Jetta Headlights VACAR-CN
  • Cheyenne Cloud Shards & C2 Compromise
  • Red Sky Alliance identified 37,941 connections from new unique IP addresses
  • Analysts identified 2,217 new IP addresses participating in various Botnets
  • Bazar/Team9 and MS
  • TX Wind Power Turbines Freeze
  • France and the Sandworm Group
  • Norway Oil worker’s Strike Averted
  • Major Oil find offshore in South Africa, Looks to Govt for Approval

Link to full article:  IR-21-050-001_Energy_050F