Russian state actors are targeting the UK’s critical infrastructure by infiltrating supply chains, the National Cyber Security Centre has warned.
In an advisory note published last night, NCSC confirmed that hackers have been targeting engineering and industrial control firms since March 2017.
“The targeting is focused on engineering and industrial control companies and has involved the harvesting of NTLM 1 credentials via Server Message Block (SMB) using strategic web compromises and spear-phishing,” the note said.
The hackers are using the exploits to spy on a range of targets connected to critical national infrastructure, Sky News reported.
While NCSC did not explicitly name Russia in its note, it linked through to a related announcement published by the US Department of Homeland Security last month. That announcement outlined how Russian government-backed hackers were targeting energy and other critical infrastructure.
RSA Security’s Azeem Aleem said critical infrastructure providers represent complicated environments for security professionals: “Critical infrastructure companies are often dependent on legacy infrastructures with complex dependencies, and little visibility. They are unable to correlate security events to specific business outcomes – a problem we call the ‘Gap of Grief’.
“Take the recent wave of WannaCry and Petya attacks; the industry was quick to cry ‘patch’, but actually that isn’t always possible, as patching systems without proper testing could actually cause more damage.”
Ciaran Martin, the chief executive of NCSC, confirmed late last year that Russian hackers were targeting media, telecoms and energy companies. He said: “Russia is seeking to undermine the international system. That much is clear. The PM made the point on Monday night – international order as we know it is in danger of being eroded.”