More than 100 workers were hacked when attackers gained access to computers owned by current and former employees of about two dozen major US natural gas suppliers and exporters in mid-February, on the eve of Russia’s invasion of Ukraine, Bloomberg reported.
The targeted companies include Chevron Corp., Cheniere Energy Inc. and Kinder Morgan Inc., according to research provided exclusively to Bloomberg News, which cited Gene Yoo, CEO of Los Angeles-based Resecurity Inc., the firm that discovered the operation.
Bloomberg added that the attacks focused on companies involved in the production of liquefied natural gas (LNG) – “and they were the first stage in an attempt to infiltrate an increasingly critical sector of the energy industry,” the report said.
Some of the files Resecurity shared with Bloomberg offer a rare glimpse into the live hacking operation. According to Bloomberg, the files show that the attackers gained access to more than 100 computers owned by current and former employees of 21 major energy companies during the two-week blitz in February. Bloomberg said:
“Resecurity’s investigation began last month when the company’s researchers uncovered a small number of hackers, including one linked to a 2018 wave of attacks on European organizations that Microsoft Corp. attributed to Strontium, the company’s nickname for a hacking group linked to Russia’s GRU military intelligence agency.”
Yoo told Bloomberg that in some cases the hackers compromised the targeted computers themselves, and in other cases they paid to gain access to specific computers already infected by other hackers, bidding up to $15,000 per computer.
Yoo said the motive for the operation is currently unknown, but the timing coincides with broader changes in the energy industry accelerated by Russia’s war. Yoo told Bloomberg that he believes the attack was carried out by state-sponsored hackers, but declined to speculate further.
It’s not uncommon for hackers to use compromised computers for “pre-positioning,” or as a launch pad into protected corporate networks.
Yoo also cautioned that it was unclear whether the attacks were directly related to the invasion of Ukraine, but the firm said the hacks began about seven days before Russia invaded Ukraine, after US officials warned operators of critical infrastructure to “assume an elevated state of awareness” of state-sponsored Russian attacks. Yoo added: “The recent tensions surrounding Nord Stream 2, global market changes as well as the conflict in Ukraine are obvious catalysts.”