FBI Issues Alert on Potential Chinese and Russian Cyber Threats to Energy Sector
As global energy dynamics shift, the FBI has alerted the energy sector about the possibility of increased cyber threats from Chinese and Russian hackers. This information was shared with the energy industry in a notification acquired by Recorded Future News.
The advisory, released on Thursday, outlines several factors that may escalate these threats: a surge in U.S. exports of liquefied natural gas (LNG), the U.S.’s increasingly dominant position in the global crude oil supply chain, persistent Western sanctions limiting Russia’s energy reach, and China’s growing dependence on oil imports.
While the alert doesn’t name any particular advanced persistent threat (APT) groups linked to China or Russia or detail any direct cybersecurity events tied to critical infrastructure, it underscores the vulnerability of U.S. networks. The FBI emphasizes that hackers from China and Russia continually scout critical systems, always on the lookout for weaknesses to exploit.
Brian Harrell, previously affiliated with the Department of Homeland Security and currently an executive in the energy domain, communicated via email that U.S. utilities witness daily low-level cyber attempts from both nations. These minor incursions aid hackers in understanding vital systems, such as potential vulnerabilities in firewalls.
Harrell mentioned, “While China maintains a low profile, these minute localized breaches are likely building their cyber offense skills for potential future activities.” He added, “It’s evident that the energy sector currently faces significant cyber threats, especially as China possibly prepares for larger-scale operations.”
The notification details Chinese hackers’ tactics, such as using native tools in their targeted environment, a strategy termed “living off the land.” This method involves hackers using features or tools that already exist within the target’s network, much as certain ransomware variants use built-in Windows binaries to mask their operations and remain undetected.
Highlighting ongoing concerns, the FBI’s advisory stated that since 2020, state-backed Chinese hackers have actively exploited vulnerabilities to infiltrate and steal intellectual property from U.S. networks, and have even made inroads into critical infrastructure systems.
The FBI refrained from commenting on the alert.
Furthermore, the alert pointed out how Western sanctions, instigated by Russia’s invasion of Ukraine, have disrupted the global energy supply chain. This shift, especially with the U.S. fulfilling a significant portion of Europe’s LNG demands, might intensify cyber threats from Russian hackers targeting the U.S. energy industry.
In fact, by mid-2022, 74% of Europe’s LNG imports were sourced from the U.S., highlighting the U.S.’s pivotal role in meeting Europe’s energy requirements.
The advisory also stated that, dating back to 2016, Russian hackers have persistently targeted U.S. government agencies and various critical infrastructure sectors. These hackers have used certain networks as launchpads to infiltrate their ultimate targets.
In a related development, Bruno Kahl, who leads Germany’s foreign intelligence agency, recently warned about the potential targeting of LNG terminals in Germany by state-backed hackers.
Hold on to your hats.
Author
Steve King
Managing Director, CyberEd
King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.