Global Tensions Over Low Oil Prices Cause Uptick in Cyber-Espionage

CrowdStrike’s annual threat report highlights Chinese cyber-operations and notes a rise in hacking that pits Russia against Middle Eastern governments as oil prices decline.

Oil Price Hacking 2

The oil glut has increased tensions between various oil producers, resulting in an increase in hacking and cyber-espionage among nations such as Russia, Iran, Saudi Arabia and other Middle Eastern nations, according to CrowdStrike, which released its annual threat report on Feb. 3.

Calling the drop in global oil prices the "most impactful force" driving nation-state hacking, Adam Meyers, vice president of intelligence for security-services firm CrowdStrike, highlighted the jump in targeted espionage by Russia against other oil producers. CrowdStrike tracks adversaries on behalf of its clients.

"Global energy prices, particularly for Russia, coupled with Western sanctions against (the nation), had some pretty profound impacts on the economy," he said. "We saw a huge uptick for surveillance and intelligence collection by Russian-based state actors."

Oil prices have plummeted since mid–2014, dropping from more than $100 a barrel for crude oil to less than $35 a barrel, according to NASDAQ. Countries whose incomes depend on oil sales have been dramatically impacted by the price decline.

A group, which CrowdStrike dubbed Berserk Bear, focused intelligence-gathering attacks against Middle Eastern oil-and-gas targets, the company's report stated.

"While the exact targets in this campaign are unknown, it is known that a major focus was the oil-and-gas sector in this region," the company stated in the report. "During the early part of the year, Russia took steps to bolster its economy and buffer the nation against the dual shocks of economic sanctions and falling oil prices."

China, however, continued to top the charts in terms of hacking activity. CrowdStrike noted that as many as 28 separate Chinese groups were targeting a variety of industries. The activity is unlikely to stop, despite the People's Republic of China's agreement with various nations to stop hacking commercial targets.

In September, following the theft of sensitive and classified personnel details from the U.S. Office of Personnel Management by suspected Chinese operatives, the U.S. raised the possibility of sanctions against China. However, a dialog between the two nations produced an agreement for both sides to refrain from hacking each others' systems for commercial gain.

The PRC agreed to similar arrangements with other countries, most notably its long-time ally, Russia. Yet, those agreements have not stopped the country from hacking, according to CrowdStrike.

"China signed a May 2015 pact with Russia, a known ally, with both sides abolishing malicious hacking of any type against one another," the company noted in the report. "Yet, CrowdStrike actually observed an increase in activity against Russian targets from Hammer Panda directly following the agreement."

Hammer Panda is the name given by CrowdStrike to the specific adversary focusing on Russian targets.

CrowdStrike's report focused on China, Russia, Iran and North Korea, with a brief mention of cyber-operations in South America. The report did not describe the hacking efforts of the United States, Western European nations or Israel—all of which are known to conduct cyber-espionage.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...