US-CERT Warns U.S. Industry to About Persistent Russian Cyber-Attacks | eWeek

Report Warns U.S. Industry About Need to Thwart Russian Cyber-Attacks

March Recap Video 330
Written By
eWEEK Staff
eWEEK Staff
Mar 30, 2018
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

A report from the U.S. Computer Emergency Readiness Team provides a detailed look at how alleged Russian attackers planned and executed a long-term cyber-attack against unprepared energy installations. 

The US-CERT report explains that the “DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” 

The report includes a step-by-step description of the hackers’ activities, including the specific methods, the specific IP addresses of their servers and repositories and compromise details. 


The alleged Russian hackers started with a poorly defended contractor to gain access to the ultimate target’s network. Once inside their system, the hackers set it up as a staging area by creating repositories for software, creating fake accounts, and conducting surveillance in order to gather information on the software, credentials, and control processes being used. 

This information was exfiltrated to remote servers using SMB protocol. Once the surveillance was complete, the hackers launched a series of processes designed to cover their tracks. 

In order to prevent future attacks like these, vice president of industrial cyber-security at CyberX Phil Neray suggested managers of industrial control systems adopt practices such as continuous monitoring of activities on the network, changing permissions or changing the registry, both of which were common activities conducted by the hackers. 

Meanwhile, co-founder and COO of Virsec Ray DeMeo suggested that a long term fix would be to include security readiness in an organization as part of the annual audit and that it be disclosed to stockholders. He also suggested that insurance premiums be tied to security readiness.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.