A former technical manager employed by the wind farm operator Nordex has been sentenced to 120 hours of community service by a Dutch court. The sentence follows the discovery that the employee had used company infrastructure to power a clandestine cryptocurrency mining operation across two renewable energy sites. The rogue employee, a man in his forties, exploited his privileged access to the company’s internal systems between August and November 2022.
According to court proceedings in Assen, he installed illicit hardware at Nordex facilities located in Gieterveen and Waardpolder, Netherlands. The investigation revealed that three cryptocurrency mining rigs were connected directly to a company router within a substation at the Gieterveen site. At Waardpolder, the employee hid two Helium network node devices, which act as wireless gateways and blockchain nodes, inside the wind turbine structures themselves.
The timing of the internal breach was particularly problematic for the energy operator. The court heard that the discovery of the mining equipment coincided with Nordex’s recovery efforts following a significant ransomware attack orchestrated by the Conti cybercrime group. While the primary intent of the employee was financial gain through the theft of electricity and network connectivity, the unauthorized addition of hardware to the internal grid presented a severe security risk during a period of heightened vulnerability for the firm.
This incident is not an isolated case of employees attempting to monetize employer resources to generate cryptocurrency. In a notable case from February 2018, scientists at the Russian Federal Nuclear Centre in Sarov were arrested for connecting a supercomputer to the internet to mine Bitcoin.
The Sarov facility, a high-security location for nuclear warhead development, was strictly air-gapped. One of the scientists involved, Denis Baykov, was subsequently found guilty and fined for a security breach. These cases highlight the persistent threat of insider attacks, particularly by technical staff who possess the expertise and access to manipulate critical industrial control systems for personal profit.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators-of-compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122