Phishing campaigns target critical infrastructure

Phishing campaigns target critical infrastructure

The Department of Homeland Security is warning critical infrastructure providers of a malicious spear-phishing campaign, according to an agency report released last week.

Advanced persistent threat (APT) actors are sending bogus emails to government facilities and chemical, critical manufacturing and energy companies, DHS said. The emails link to Web sites hosting malicious files that help the hackers infiltrate users’ networks.

The agency did not identify the suspected attackers.


“While the motivations of the APT actors remain unknown, the use of social media and zero-day exploits illustrates a concerted effort to gain access to critical infrastructure networks,” the report reads.

The campaign comes on the heels of a similar incident in early 2014, in which the same actors used social media to perform reconnaissance and target company employees.

In one incident, DHS reports, the cyber criminals posed as a prospective job candidate and tricked a critical infrastructure owner into opening a “resume.rar” file that planted malicious software on the victim’s computer. The threat was quickly identified and the company’s networks were unaffected.

Critical infrastructure sites are facing an increasing bombardment of phishing attacks as hackers attempt to gain access to their networks.

In November, DHS warned that “numerous” critical industries might have been compromised by Russian hackers, though officials said they did not see any attempts to “damage, modify, or otherwise disrupt” any networks. Researchers say the country is testing U.S. networks for vulnerabilities.

Perhaps the bigger danger, experts say, is how long the malware went undetected. Some reports suggest it might have infected U.S. systems three years before it was discovered.

Russia is not the only country with unnerving access to U.S. critical infrastructure.

National Security Agency Director Michael Rogers told lawmakers last fall that China and “one or two” other countries would be able to shut down portions of critical U.S. infrastructure with a cyberattack. Researchers suspect Iran to be on that list.