Reports are coming out that North Koreans are using spear-phishing attacks to probe the security in place at US power grid and infrastructure installations. Are you ready?
Multiple sources are reporting that North Korea is sending out spear-phishing campaigns targeted at US infrastructure, in particular US electrical companies. The activity was first seen and reported by FireEye, a security vendor that has reported that its solutions detected the spear-phishing emails.
We can confirm that FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to U.S. electric companies by known cyber threat actors likely affiliated with the North Korean government. This activity was early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyber attack that might take months to prepare if it went undetected (judging from past experiences with other cyber threat groups). We have previously detected groups we suspect are affiliated with the North Korean government compromising electric utilities in South Korea, but these compromises did not lead to a disruption of the power supply.
We have not observed suspected North Korean actors using any tool or method specifically designed to compromise or manipulate the industrial control systems (ICS) networks that regulate the supply of power. Furthermore, we have not uncovered evidence that North Korean linked actors have access to any such capability at this time.
Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension. FireEye has detected more than 20 cyber threat groups suspected to be sponsored by at least four other nation-states attempting to gain access to targets in the energy sector that could have been used to cause disruptions. The few examples of disruptions to energy sector operations being caused by cyber operations required additional technical and operational steps that these North Korean actors do not appear to have taken nor have shown the ability to take.
CNN reports that Kaspersky has made similar reports.
One of the ways you can help your company stay ahead of the curve is a continuous campaign of cybersecurity education, together with spear-phishing and phishing education and testing. These campaigns can be set up for some or all of your employees, and you can find out who your ‘click happy’ users are before they let in the malware!