Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
Analysis by DHS and FBI resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report “Dragonfly: Western energy sector targeted by sophisticated attack group,” released by Symantec on September 6, 2017, provides additional information about this ongoing campaign.
This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.”
The Maritime Association of South Carolina on behalf of the Port of Charleston seeks to establish an Information Sharing and Analysis Organization (ISAO) for Maritime Transportation System (MTS) stakeholders operating in the Port of Charleston. The mission of MTS-ISAO: Charleston is to increase cyber-threat protection, detection, and response capabilities of its membership by collecting, analyzing, and sharing threat indicators within the local MTS community. Over the course of an initial 2-year pilot, MTS-ISAO: Charleston will establish the management and technical framework for the ISAO, begin activities to fulfill its mission, and collect regular metrics to gauge the effectiveness of those activities. The pilot will culminate in a final report that analyzes the metrics and documents a framework for repeatability in other maritime communities (e.g. MTS-ISAO: [community]). After the pilot, MTS-ISAO: Charleston will continue operating and ultimately transition to a self-sustaining organization.