Energy Policy News
  • Latest
  • Archives
  • Data
  • Webinar
  • Index
Wednesday, February 1, 2023
Log In
No Result
View All Results
  • Natural Gas
  • Oil
  • Power
  • Security
  • Sustainability
Energy Policy News
  • Latest
  • Archives
  • Data
  • Webinar
  • Index
Wednesday, February 1, 2023
Log In
No Result
View All Results
Energy Policy News
No Result
View All Results

Hackers targeted U.S. LNG producers in run-up to Ukraine war

Bloomberg News by Bloomberg News
March 7, 2022
in News
Reading Time: 5 mins read
0
Share on FacebookShare on TwitterShare on LinkedInShare by Email

In mid-February, hackers gained access to computers belonging to current and former employees at nearly two dozen major natural gas suppliers and exporters, including Chevron Corp., Cheniere Energy Inc. and Kinder Morgan Inc., according to research shared exclusively with Bloomberg News.

The attacks targeted companies involved with the production of liquefied natural gas, or LNG, and they were the first stage in an effort to infiltrate an increasingly critical sector of the energy industry, according to Gene Yoo, chief executive officer of Los Angeles-based Resecurity Inc., which discovered the operation. They occurred on the eve of Russia’s invasion of Ukraine, when energy markets were already roiled by tight supplies.

Resecurity’s investigation began last month when the firm’s researchers spotted a small number of hackers, including one linked to a wave of attacks in 2018 against European organizations that Microsoft Corp. attributed to Strontium, the company’s nickname for a hacking group associated with Russia’s GRU military intelligence service.

The hackers were looking to pay top dollar on the dark web for access to personal computers belonging to workers at large natural gas companies in the U.S., which were used as a back door into company networks, Yoo said. The researchers located the hackers’ servers and found a vulnerability in the software, which allowed them to obtain files from the machines and see what the attackers had already done, Yoo said.

Some of those files were shared with Bloomberg, providing a rare view into a live hacking operation. They show that in a two-week blitz in February, the attackers gained access to more than 100 computers belonging to current and former employees of 21 major energy companies. In some cases, the hackers compromised the target machines themselves, and in others they bought access to specific computers that were already infected by others, offering as much as $15,000 for each one, Yoo said.

The motive of the operation isn’t known, but the timing coincides with broader changes in the energy industry that have been accelerated by Russia’s war. Yoo said he believed the attack was carried out by state-sponsored hackers, but he declined to speculate further.

Yoo described the hackers’ actions as “pre-positioning,” or using the hacked machines as a springboard into protected corporate networks. For that kind of operation, computers belonging to former employees can be just as valuable as those used by current workers, because many companies are slow or fail to cut off remote access when someone leaves, he said.

LNG is a form of super-chilled fuel that can be shipped nearly anywhere in the world by tanker. Demand has soared in recent months amid tight winter fuel supplies and the buildup to Russia’s invasion of Ukraine on Feb. 24, which has roiled the energy market and caused Germany and other European countries, which are dependent on Russian gas, to seek alternatives. In the months before the invasion, the U.S. became the world’s top supplier of LNG, and almost two out of three cargoes sailing from its shores were heading to natural gas-hungry Europe.

Germany, which is Europe’s largest natural gas market, said in response to Russia’s invasion that it is expediting the construction of two LNG import terminals. This is a major change, as it represents the first time Germany will import LNG. Germany also halted the certification process of the Nord Stream 2 pipeline, a system of natural gas pipelines from Russia that is completed but not yet operational.

It’s not clear whether the attacks are directly related to the invasion of Ukraine, but Resecurity said the hacks began about two weeks before the invasion, after U.S. officials had urged critical infrastructure operators to “adopt a heightened state of awareness” for Russian state-sponsored attacks.

“Recent tensions around Nord Stream 2, global market changes, as well as conflict in Ukraine are obvious catalysts,” Yoo said.

The infected machines appear to be a mix of home and corporate-owned computers. Yoo said the distinction has become essentially meaningless with the rise of remote work, as hackers have the ability to hijack virtual private network connections into corporate networks.

According to the documents provided by Resecurity, the companies whose workers were affected include Houston-based Cheniere Energy, the biggest U.S. exporter of LNG; San Ramon, California-based Chevron, a major oil producer that also owns and operates the Gorgon LNG export terminal in Australia; Pittsburgh, Pennsylvania-based EQT Corp., the largest natural gas driller and producer in the U.S.; and Houston-based Kinder Morgan, the top natural gas pipeline operator in the U.S. and the operator of the Elba Island LNG export terminal in Georgia.

At Kinder Morgan, the data showed seven current and former employees whose computers were hacked and were being accessed as part of this campaign, and whose corporate email addresses and passwords were stolen. A company spokesperson said: “We have confirmed that most of those emails were assigned to former employees. The few that are current have not been compromised.” The company declined to answer additional questions.

At Chevron, the number was 45 people, according to Resecurity. Chevron declined to answer specific questions. A spokesperson said: “Chevron takes the threat of malicious cyber activity very seriously. We have implemented the United States government’s recommendations into our cybersecurity safeguards to protect Chevron’s computing environment.”

At an investor conference March 1, Chevron Chief Executive Officer Mike Wirth said that cyberattacks are the biggest risk facing the company. “It’s a never-ending challenge out there right now,” he said. “We’re in a high-risk environment right now from a cyber standpoint, and we’re in an industry that is a high profile, high-value target for bad actors. So that’s the thing in the short term that I probably would say, in my view is the risk I worry about the most.”

Cheniere declined to comment. An EQT spokesperson didn’t return messages. However, Chief Executive Officer Toby Rice told Bloomberg TV on Monday that cyberattacks targeting the company had gone up “significantly” since the start of the invasion.

The attacks come at a time when the FBI and other federal agencies are on high alert. The FBI’s Internet Crime Complaint Center has issued dozens of alerts over the past six years documenting attacks by Russia and other state-sponsored hackers against targets including the oil and natural gas industry. The agency is concerned about increased attacks following Russia’s invasion of Ukraine, said Jason Leigh, a special agent on the FBI Houston’s cyber task force.

“In a normal day, prior to the invasion, the U.S. could experience attacks from Russian entities,” Leigh said. “We expect that the invasion may escalate in terms of volume or the number of attacks and the manners in which they attack.”

The files shared with Bloomberg identify each of the hacking group’s victims. The information includes their corporate email addresses and passwords, and the internet addresses of the infected computers the hackers can access. Many victims are mid-level employees, in occupations ranging from information technology staff and control system engineers to research scientists and managers, the documents show.

Tags: 3387Cheniere EnergyChevroncybersecurityKinder MorganLNGUkraine
Previous Post

Proposed Transco pipeline not a threat, FERC rules

Next Post

Biden needs to reach out to the U.S. oil industry, Yergin says

Related Posts

FERC logo
Natural Gas

FERC Friday Update: July 1, 2022

July 1, 2022
ENERGY POLICY NEWS
Energy News Alert

Energy Policy News says farewell

July 1, 2022
California’s all-renewable moment shows the future of the power grid
Renewables

Environmental groups protest Southwest Power Pool’s renewables accreditation

June 30, 2022
Next Post
Daniel Yergin

Biden needs to reach out to the U.S. oil industry, Yergin says

Report No. 3403

FERC Friday Update: July 1, 2022

Energy Policy News says farewell

Environmental groups protest Southwest Power Pool’s renewables accreditation

6GW of offshore wind planned with more on the way

Supreme Court curbs EPA’s climate authority in blow to Biden

Offshore wind goals depend on domestic supply

FERC fines Salem Harbor $17M for capacity market fraud

G-7 leaders favor LNG investment in U-turn due to energy crisis

DC circuit court upholds Mountain Valley Southgate expansion

Natural gas industry supports NOPR to streamline rate filings

MVP requests extra time to complete project

FERC issues final EIS for Golden Pass project

  • About
  • Contact Us
  • Privacy Terms
  • ADA Compliance
  • Help Center

 Manage Cookie Consent

Follow Us

© 2022 Royal Media - Energy Policy News, formerly Foster Energy Report

No Result
View All Results
  • Latest
  • Archives
  • Data
  • Webinars
  • Index
  • SUBSCRIBE
  • Login

© 2022 Royal Media - Energy Policy News, formerly Foster Energy Report

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Effective July 1, 2022 Energy Policy News will be discontinued.

After a year of guiding readers to better understanding and awareness around the key policy issues that can make or break energy projects and growth initiatives, we made the difficult decision to shut down our publication.

We are proud of the remarkable coverage provided by our team and want to thank all our customers for your support over the past year.

Sincerely,
The Energy Policy News Team

THIS WEBSITE USES COOKIES

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “I CONSENT”, you consent to the use of ALL the cookies.

Cookie settingsI CONSENT

Review our Cookie Policies
.
Manage Cookie Consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
34f6831605sessionGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
a64cedc0bfsessionGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
cookielawinfo-checkbox-advertisement1 yearSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
crmcsrsessionGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
JSESSIONIDsessionThe JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKENsessionCloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
663a60c55dsessionThis cookie is related to Zoho (Customer Service) Chatbox
e188bc05fesessionThis cookie is set in relation to Zoho Campaigns
iamcsrsessionZoho (Customer Support) sets this cookie and is used for tracking visitors (for performance purposes)
_zcsr_tmpsessionZoho sets this cookie for the login function on the website.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_ga2 yearsThe _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_84821447_11 minuteSet by Google to distinguish users.
_gid1 dayInstalled by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
663a60c55dsessionThis cookie is related to Zoho (Customer Service) Chatbox
Save & Accept
Powered by CookieYes Logo
Go to mobile version