Energy (Includes Power and Utilities)
October 17, 2022: Cyberattack at Iranian Nuclear Power Plant
The Iranian Atomic Energy Organization (AEOI) has confirmed that one of its subsidiaries' email servers was hacked after the 'Black Reward' hacking group published stolen data online. AEOI says an unauthorized party from a specific foreign country, which is not named, stole emails from the hacked server, which consisted of daily correspondence and technical memos. The agency says it immediately took the necessary preventive measures to mitigate the results of this incident and informed all concerned parties and officials to be prepared for potential exploitation attempts.
The hacker group responsible for the attack calls itself 'Black Reward' and has leaked some of the stolen data on their Telegram channel. Black Reward posted a 27GB 14-part collection of RAR archives allegedly containing 85,000 email messages characterized as "perfect for researchers." The hackers' message is signed "For women, life, freedom," giving the email server breach and data leak action the character of hacktivism.
October 26, 2022: Major German Regional Energy Company Hit by Cyberattack
Enercity, one of Germany’s largest municipal energy suppliers, confirmed it was targeted by a cyberattack on Wednesday morning. The Hannover-based company said its security systems “reacted immediately” and that “greater damage to the company” has been averted. Enercity confirmed that it would continue supplying energy to customers, explaining that its operational technology and critical infrastructure were not affected. “Our grids and power plants are stable and the security of supply is guaranteed,” the company stated. However, the attack has impacted customer service, which has limited availability. The company added: “Not all IT systems can currently be used to their full extent, which means that there may be minor restrictions.”
October 14, 2022: India’s Largest Integrated Power Company, Tata Power, Hit by Cyberattack
Tata Power, a leading power generation company in India, confirmed it was hit by a cyberattack. In a brief statement released on Friday, the Mumbai-based company said that the attack impacted some of its IT systems.
“The company has taken steps to retrieve and restore the systems. All critical operational systems are functioning. As a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer-facing portals and touchpoints,”
December 30, 2016: Cyberattack Source of Widespread Electricity Cuts Across Istanbul
Sources from the Energy Ministry claim that a major cyberattack is the source of the widespread electricity cuts across Istanbul in recent days, according to reports in the Turkish media. “Many infiltration attempts to the systems controlling our transmission and electricity producing lines were determined and prevented. The infiltration attempts are indicators of a major sabotage preparation against Turkey’s national electricity network,” a senior anonymous source said, as quoted by state-run Anadolu Agency. Energy Minister Berat Albayrak said a comprehensive investigation has been launched to figure out the real reasons behind the electricity cuts in a trip to the northwestern province of Kocaeli, which is the main center of the breakdowns.
A major electricity supplier in South Africa's largest city has suffered a ransomware attack. The ransomware shut down IT systems, affecting more than 250,000 people through regional blackouts, and prevented customers from purchasing prepaid electricity.
The Board of Water and Light (BWL) in Lansing, Michigan, was struck by ransomware on Monday, April 25, 2016. The cyberattack shut down BWL's accounting and email systems after an employee unknowingly opened an email with an infected attachment. This would seem to be the first disclosed example of a utility being successfully compromised by ransomware.
The Lansing Board of Water & Light paid a $25,000 ransom to unlock its internal communications systems after they were disabled by a cyberattack last spring, officials said Tuesday. BWL General Manager Dick Peffley pegged the cost of responding to the emergency, including the ransom and technology upgrades to prevent future attacks, at $2.4 million. All but $500,000 of those costs are covered by insurance. Paying the ransom was “the only action we could take to unlock our system and free it from the ransomware.”
August 19, 2022: DESFA, Greece’s Natural Gas Supplier, Suffers Cyberattack
Greece’s largest natural gas supplier, DESFA, said Saturday it fell victim to a cyberattack on part of its IT infrastructure. Cybercriminals tried to gain access to electronic files, with a confirmed impact on the availability of certain systems and possible leakage of a number of files and data.
The Ragnar Locker ransomware group claimed DESFA as its victim on Friday by leaking some of the DESFA data.
“We managed to ensure and continue the operation of the National Natural Gas System (NSGS) in a safe and reliable manner,” the company said in an advisory. “The management of DESFA continues to operate smoothly and DESFA continues to supply natural gas to all entry and exit points of the country safely and adequately. We are investigating the root causes of the attack and have mobilized teams of technical and specialist experts to assist us in this matter and in getting the systems back up and running as soon as possible.”
July 22, 2022: Blackcat / ALPHV Ransomware Attack Hits Luxembourg-based Critical Infrastructure Companies
A ransomware gang with direct ties to the group behind last year’s attack on Colonial Pipeline has struck again, this time hitting two Luxembourg-based critical infrastructure companies: pipeline operator Creos and electricity operator Enovos. Encevo, the parent company of both business units, said data was exfiltrated during the attack between July 22 and 23, rendering the customer portals of Creos and Enovos non-operational. The company said electricity and gas are still flowing to customers without interruption.
Threat actor ALPHV, also known as BlackCat, claimed responsibility for the attack on July 29. In a post on a leak site, the group claims it exfiltrated 180,000 files totaling 150 gigabytes from Creos and threatened to publish the data. The group said the data includes contracts, agreements, passports, bills, and emails.
June 12, 2022: Energy Supplier Entega’s Customer Data Posted on the Dark Web after Ultimatum Expired
Hacker attacks paralyzed the websites of the regional utility Entega and the municipal utility Stadtwerke Mainz. There is no fear of supply interruptions for private and commercial customers, as these systems are separately secured.
At the same time as Entega, the lights also went out on the Stadtwerke Mainz website. Both companies are managed by their joint subsidiary, the IT service provider Count+Care. The malware got into the system because an employee had accidentally opened an email attachment. Entega's website and e-mail server were paralyzed as a result. The systems of the Darmstädter Bauverein and the Frankfurt utility company FES were also affected by the attack on Count+Care, an Entega subsidiary.
To repair the damage, the hackers apparently demanded a ransom of 15 million euros. Entega let the ultimatum expire without paying, and much of the customer data was leaked on the dark web. An Entega spokesman said the majority of customers could be affected, but to varying degrees. The investigation into the stolen data is still ongoing. According to Entega's annual report, the number of customer contracts at the end of 2021 was almost 700,000.
According to information from the Frankfurter Rundschau, the hacker gang "Black Cat" is said to be behind the attacks. The newspaper relies on information from an insider. "Black Cat" was recently also responsible for attacks on the IT systems in the Austrian state of Carinthia, where they also demanded a ransom.
February 24, 2022: German Wind Turbine Maker Enercon’s Services 90% Restored
German wind turbine maker, Enercon GmbH, is still restoring remote monitoring and maintenance capabilities for its turbines affected by a satellite outage at the end of February.
The company said over 90 percent of its 5,800 machines are online. The communication link has been restored for 1,156 wind parks in central Europe and service teams continue to work on the remaining 193 wind farms, the wind turbine manufacturer said Friday.
The remote monitoring and maintenance of the 5,800 machines, with a combined output of more than 10 GW, was affected by a satellite outage at Viasat on the same day that Russia invaded Ukraine. Viasat also had satellite operations in Ukraine, and Enercon may have suffered collateral damage in the attack.