Unknown: A currently unknown attacker attempted a DDoS attack against an energy provider that supplies energy to Los Angeles County, CA, Salt Lake County, UT, and Converse County, WY. According to the recently released report, the attack took place on March 5th, 2019 between 9:12 a.m. and 6:57 p.m. Even though the power supply was not disrupted, the unnamed provider felt that the attempt was serious enough that it needed to be reported to the Federal Government. The report stated that the DDoS disrupted operations at the facility but not energy system operations, meaning that other non-vital systems were knocked offline. A number of major threat actors and nations have previously stated a desire to disrupt the power grid in the United States, including Russia, Iran, China, North Korea, and the Islamic State. The Russian group Sandworm successfully disrupted energy services in Ukraine in 2015. In that instance, the group used the DarkEnergy malware to disrupt power systems while carrying out a DDoS attack on the energy provider's phone lines to prevent customers from being able to call in the outage. The DOE has not released any details of who they believe is behind the attack at this time.