Energy and Utilities, Hacking and Malware

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Security Affairs

MAY 18, 2025

The discovery raises fears China may have installed covert malware in critical energy infrastructure across the US and Europe, enabling remote attacks during conflicts. The US grid was successfully hacked in November by hackers belonging to foreign governments. ” reported Reuters.

Energy and Utilities

Energy and Utilities Manufacturing Government Hacking

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. energy facilities. Separately, law enforcement agencies in the U.S. Dragonfly 2.0,

Marketing

Marketing Energy and Utilities Malware Ransomware

Reading Municipal Light Department, an electric utility in Massachusetts, hit by ransomware

Security Affairs

FEBRUARY 26, 2020

The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack. This week, the Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack. SecurityAffairs – hacking, ransomware).

Energy and Utilities

Energy and Utilities Ransomware Advertising Hacking

Coronavirus-themed campaign targets energy sector with PoetRAT

Security Affairs

APRIL 18, 2020

Threat actors employed the previously-undetected PoetRAT Trojan in a Coronavirus-themed campaign aimed at government and energy sectors. . “Cisco Talos has discovered a new malware campaign based on a previously unknown family we’re calling “PoetRAT.” ” reads the analysis published by Cisco Talos.

Energy and Utilities

Energy and Utilities Malware Government Phishing

New APT ChamelGang Targets energy and aviation companies in Russia

Security Affairs

OCTOBER 4, 2021

ChamelGang APT is a new cyberespionage group that focuses on fuel and energy organizations and aviation industry in Russia. ChamelGang is a new APT group that was first spotted in March by researchers at security firm Positive Technologies, it targets Russian companies in the energy and aviation industry.

Energy and Utilities

Energy and Utilities Malware Technology Antivirus

FERC, NERC joint report on cyber incident response at electric utilities

Security Affairs

SEPTEMBER 21, 2020

The US FERC and NERC published a study on cyber incident response at electric utilities that also includes recovery best practices. Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) released a study on cyber incident response and recovery best practices for electric utilities.

Energy and Utilities

Energy and Utilities Advertising Cyber Attacks Hacking

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Krebs on Security

AUGUST 22, 2019

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. This data can then be used to create counterfeit copies of the cards.

Energy and Utilities

Energy and Utilities Retail Data breaches Marketing

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. Here’s what I took away from our discussion: Transient hacks. This quickly gets intricately technical. Branching attacks.

Hacking

Hacking Energy and Utilities System Administration Accountability

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

DMEA Colorado electric utility hit by a disruptive cyberattack

Security Affairs

DECEMBER 6, 2021

A ransomware attack hit an electric utility in Colorado causing a significant disruption and damage. The Delta-Montrose Electric Association (DMEA) is a local electric cooperative located in Colorado, it is part of Touchstone Energy Cooperatives. SecurityAffairs – hacking, Colorado Electric Utility). Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Cyber Attacks Ransomware Data breaches

US Utilities Targeted with LookBack RAT in a new phishing campaign

Security Affairs

SEPTEMBER 24, 2019

Security experts at Proofpoint observed a new wave of phishing attacks aimed at US Utilities in an attempt to deliver the LookBack RAT. Security experts at Proofpoint have discovered a new series of phishing attacks targeting entities US utilities in an attempt to deliver the LookBack RAT. nceess [. ] Nceess [. ]

Phishing

Phishing Energy and Utilities Advertising Engineering

Nova Scotia Power confirms it was hit by ransomware attack but hasn’t paid the ransom

Security Affairs

MAY 27, 2025

is a vertically integrated electric utility serving the province of Nova Scotia, Canada. Its operations encompass generation, transmission, and distribution of electricity, utilizing a diverse mix of energy sources including coal, natural gas, hydroelectric, wind, tidal, oil, and biomass. or Caribbean utilities.

Energy and Utilities

Energy and Utilities Ransomware Data breaches Accountability

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Security Affairs

OCTOBER 21, 2018

Attackers are targeting high-value servers using a three of hacking tools from NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. The hackers used the powerful cyber weapons to compromise systems used in aerospace, nuclear energy, R&D, and other industries. Pierluigi Paganini.

Hacking

Hacking Energy and Utilities Advertising Authentication

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. “In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.”

Government

Government Energy and Utilities Malware Hacking

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Joseph Steinberg

MAY 12, 2021

In late 2016, hackers, perhaps acting on behalf of the Russian government, utilized multiple pieces of malware to both knock out power to large segments of Ukraine and to simultaneously disable the phone communications capabilities of the impacted power providers, thereby complicating recovery efforts.

Energy and Utilities

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks

PseudoManuscrypt, a mysterious massive cyber espionage campaign

Security Affairs

DECEMBER 16, 2021

The name PseudoManuscrypt comes from the similarities with the Manuscrypt malware used by the North Korea-linked Lazarus APT group in attacks aimed at the defense industry. The PseudoManuscrypt loader is delivered via a Malware-as-a-Service (MaaS) platform that distributes the malicious code in pirated software installer archives.

Spyware

Spyware Energy and Utilities Malware Engineering

Threat actors breached the network of the Italian oil company ENI

Security Affairs

AUGUST 31, 2022

Ransomware is a type of malware that locks computers and blocks access to files in lieu of a payment. The Italian energy sector appears to be under attack, over the weekend, Italy’s energy agency Gestore dei Servizi Energetici SpA was hit by a cyber attack. SecurityAffairs – hacking, ENI). Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Ransomware Cyber Attacks Hacking

Conti ransomware gang exploits Log4Shell bug in its operations

Security Affairs

DECEMBER 17, 2021

Conti operators run a private Ransomware-as-a-Service (RaaS), the malware appeared in the threat landscape at the end of December 2019 and was distributed through TrickBot infections. Recently the Conti gang hit the attack on the Australian energy CS Energy and threaten to leak the stolen files. ” continues AdvIntel.

Ransomware

Ransomware Energy and Utilities Cybercrime Malware

Hackers Target Oil Producers During COVID-19 Slump

Security Affairs

MAY 19, 2020

Real-Life Examples of Spear-Phishing Attacks in the Energy Production Sector. The threat of spear-phishing for energy companies is, unfortunately, not a theoretical one. Downloading them infected a user’s system with a type of trojan spyware not previously seen in other utilities industry cyberattacks. Not a New Concern.

Energy and Utilities

Energy and Utilities Phishing Advertising Technology

Operators behind Dark Caracal are still alive and operational

Security Affairs

NOVEMBER 29, 2020

. “During this past year, dozens of digitally signed variants of this once commodity malware started to reappear in the threat landscape, reigniting interest in this old malware family.” Experts observed several samples of the malware that were digitally signed with valid certificates issued by Certum.

Energy and Utilities

Energy and Utilities Malware Government Healthcare

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. on January 5, 2020. on January 5, 2020.

Energy and Utilities

Energy and Utilities Ransomware Financial Services Manufacturing

RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

Security Affairs

JULY 5, 2023

RedEnergy is a sophisticated stealer-as-a-ransomware that was employed in attacks targeting energy utilities, oil, gas, telecom, and machinery sectors. Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors.

Energy and Utilities

Energy and Utilities Ransomware Backups Malware

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” The court order allowed authorities to use the Moobot malware to copy and delete stolen and malicious data and files from compromised routers.

Energy and Utilities

Energy and Utilities Government Firewall Malware

FBI Disrupts Chinese Botnet Targeting U.S. Critical Infrastructure

SecureWorld News

FEBRUARY 1, 2024

The United States continues to grapple with cyber intrusions emanating from sophisticated hacking groups affiliated with the Chinese government. It was controlled by a prolific Chinese hacking group tracked as Volt Typhoon. Investigations into Volt Typhoon's extensive infrastructure hacking campaign remain ongoing.

Energy and Utilities

Energy and Utilities Government Hacking Malware

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

2️ Cyber Attacks Against Energy (Oil & Gas) and Nuclear Sectors Critical infrastructure across all domains continues to remain a focal point for cyber-attacks, orchestrated by both cybercriminal elements and nation-state actors.

Cyber threats

Cyber threats Energy and Utilities Cyber Attacks Artificial Intelligence

Is the recent accident at Iran Natanz nuclear plant a cyber attack?

Security Affairs

APRIL 11, 2021

The “accident” impacted the electricity distribution network at Iran’s Natanz nuclear facility, Atomic Energy Organization of Iran spokesman Behrouz Kamalvandi told the Iranian Fars News Agency. . SecurityAffairs – hacking, Iran). ” reads the post published by Jerusalem Post. ” continues the JP.

Cyber Attacks

Cyber Attacks Energy and Utilities Media Hacking

USB Drives shipped with Schneider Solar Products were infected with malware

Security Affairs

SEPTEMBER 6, 2018

Schneider Electric announced that some of the USB drives it has shipped with its Conext ComBox and Conext Battery Monitor products were infected with malware. Both products are part of the solar energy offering of the vendor. These USB removable media contain user documentation and non-essential software utilities.

Malware

Malware Energy and Utilities Manufacturing Media

A new piece of Snake Ransomware targets ICS processes

Security Affairs

JANUARY 28, 2020

Snake Ransomware was first detected by researchers from MalwareHunterTeam last week and analyzed it with the support of the popular malware analysts Vitali Kremez. Then the malware encrypts the files on the system, skipping Windows system files and folders. “Using an already “proven” malware (i.e. ” concludes OTORIO.

Ransomware

Ransomware Energy and Utilities Manufacturing Malware

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

Security Affairs

SEPTEMBER 9, 2020

K-Electric (KE) (formerly known as Karachi Electric Supply Company / Karachi Electric Supply Corporation Limited) is a Pakistani investor-owned utility managing all three key stages – generation, transmission and distribution – of producing and delivering energy to consumers. SecurityAffairs – hacking, Netwalker).

Ransomware

Ransomware Energy and Utilities VPN Advertising

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Most of the impacted organizations are in the Communications, Energy, Transportation Systems, and Water and Wastewater Systems sectors.

Energy and Utilities

Energy and Utilities VPN Manufacturing Firewall

Everest gang demands $200K for data stolen from South Africa state-owned electricity company ESKOM

Security Affairs

OCTOBER 9, 2022

Everest ransomware operators claimed to have hacked South Africa state-owned company ESKOM Hld SOC Ltd. Eskom is one of the few remaining vertically integrated utilities connected to the Southern African Power Pool (SAPP) through an interconnected grid, which serves to support grid stability. SecurityAffairs – hacking, ESKOM).

Energy and Utilities

Energy and Utilities Ransomware InfoSec Hacking

Johannesburg residents left in the dark after a ransomware attack at City Power

Security Affairs

JULY 25, 2019

South African electric utility City Power that provides energy to the city of Johannesburg, has suffered serious disruptions after a ransomware attack. The energy utility informed its customers via Twitter of the ransomware attack that encrypted its network, including all its databases and applications.

Energy and Utilities

Energy and Utilities Ransomware Advertising Encryption

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Security Affairs

JUNE 6, 2024

Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems.” Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, ransomware)

Energy and Utilities

Energy and Utilities Ransomware Encryption Financial Services

Iran-linked APT33 updates infrastructure following its public disclosure

Security Affairs

JUNE 30, 2019

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. Most of the domains (60%) were associated with malware families related to njRAT infections, a malware wasn’t previously associated with APT33.

Energy and Utilities

Energy and Utilities Advertising Retail Healthcare

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Security Affairs

AUGUST 27, 2024

” This malware, designed specifically for Versa Director, currently has zero detections on VirusTotal. The malware is developed through Apache Maven, it was built on June 3, 2024, and attaches itself to the Apache Tomcat process on execution. Black Lotus Labs detected unusual traffic indicating the exploitation of several U.S.

Energy and Utilities

Energy and Utilities Firewall Technology Malware

TrickBot member extradited to US faces up to 60 years in prison

Security Affairs

OCTOBER 30, 2021

Dunaev, also known as FFX, was involved in the development of a browser injection module for the Trickbot malware. Investigators believe that the TrickBot gang was composed of at least 17 members, malware managers, malware developers, crypters, and spammers. Sentencing Guidelines and other statutory factors.”

Identity Theft

Identity Theft Energy and Utilities Malware Banking

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

Mint Sandstorm also used custom tools in selected targets, notably organizations in the energy and transportation sectors. In the last stage of the attack, the subgroup deploys a custom malware variant, such as Drokbk or Soldier instead of using publicly available tools and simple scripts. ” concludes Microsoft.

Energy and Utilities

Energy and Utilities Accountability Education Media

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

One of the victims of the ransomware is the energy giant Energias de Portugal (EDP) , where the attackers claimed to have stolen 10 TB of files. The malware leverage a VirtualBox feature that allows the host operating system to share folders and drives as a network share inside a virtual machine. Pierluigi Paganini.

Encryption

Encryption Ransomware Energy and Utilities Advertising

US Cyber Command warns of Iran-linked hackers exploiting CVE-2017-11774 Outlook flaw

Security Affairs

JULY 2, 2019

Malware is currently delivered from: 'hxxps://customermgmt.net/page/macrocosm' #cybersecurity #infosec — USCYBERCOM Malware Alert (@CNMF_VirusAlert) July 2, 2019. These executables are both downloaders that utilize powershell to load the PUPY RAT. The attacks are targeting U.S. industries and government agencies.

Energy and Utilities

Energy and Utilities Malware Advertising InfoSec

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Financial Services

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems.” Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, ransomware) on January 5, 2020.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Financial Services

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Security Affairs

APRIL 2, 2023

The documents demonstrate that it also developed hacking tools for the Russia-linked APT group Sandworm. The company was commissioned for the development of tools, training programs, and a hacking platform. Files leaked by Russian IT contractor NTC Vulkan show that Russia-linked Sandworm APT requested it to develop offensive tools.

Energy and Utilities

Energy and Utilities Media Hacking Technology

Interview with Dr. Arun Vishwanath on the Latest Cybersecurity Attacks

CyberSecurity Insiders

JUNE 3, 2021

This breach, like every major ransomware attack, was likely because of spear phishing, where someone either received the malware via an emailed attachment or clicked on a link that took them to a website that hosted it. This was how the Sony Pictures ransomware hack also took place in late 2014 and since. Ransomware is at the top.

Cybersecurity

Cybersecurity Energy and Utilities Social Engineering Phishing

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Electric grid utilities are deploying smart meters to better correspond to consumers energy demands while lowering costs. Mirai, Jeep Hack, etc.) Once installed, the malware “phoned home” to a command-and-control network run by the hacking group, which enabled them to enter the network and take further action.

IoT

IoT Manufacturing Energy and Utilities Data collection

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Actions Target Russian Govt. Botnet, Hydra Dark Market

Trending Sources

Reading Municipal Light Department, an electric utility in Massachusetts, hit by ransomware

Coronavirus-themed campaign targets energy sector with PoetRAT

New APT ChamelGang Targets energy and aviation companies in Russia

FERC, NERC joint report on cyber incident response at electric utilities

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

DMEA Colorado electric utility hit by a disruptive cyberattack

US Utilities Targeted with LookBack RAT in a new phishing campaign

Nova Scotia Power confirms it was hit by ransomware attack but hasn’t paid the ransom

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

US indicted 4 Russian government employees for attacks on critical infrastructure

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

PseudoManuscrypt, a mysterious massive cyber espionage campaign

Threat actors breached the network of the Italian oil company ENI

Conti ransomware gang exploits Log4Shell bug in its operations

Hackers Target Oil Producers During COVID-19 Slump

Operators behind Dark Caracal are still alive and operational

Operation Cronos: law enforcement disrupted the LockBit operation

RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

FBI Disrupts Chinese Botnet Targeting U.S. Critical Infrastructure

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Is the recent accident at Iran Natanz nuclear plant a cyber attack?

USB Drives shipped with Schneider Solar Products were infected with malware

A new piece of Snake Ransomware targets ICS processes

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Everest gang demands $200K for data stolen from South Africa state-owned electricity company ESKOM

Johannesburg residents left in the dark after a ransomware attack at City Power

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Iran-linked APT33 updates infrastructure following its public disclosure

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

TrickBot member extradited to US faces up to 60 years in prison

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Ragnar Ransomware encrypts files from virtual machines to evade detection

US Cyber Command warns of Iran-linked hackers exploiting CVE-2017-11774 Outlook flaw

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

More details about Operation Cronos that disrupted Lockbit operation

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Interview with Dr. Arun Vishwanath on the Latest Cybersecurity Attacks

Critical Success Factors to Widespread Deployment of IoT

Stay Connected