According to leaked Pentagon documents, a group of hackers, under the direction of the Russian Federal Security Service, may have compromised the IP address of a Canadian gas pipeline company in February and caused damage to its infrastructure.
The intelligence report states that, if the attack by the cybercriminal group Zarya is successful, “it would be the first time” that the US intelligence community “observed a group of pro-Russian hackers executing a disruptive attack against Western industrial control systems”.
The New York Times was unable to independently verify the US intelligence assessment, and Canada’s national agency responsible for signals intelligence and cybersecurity, the Communications Security Establishment, has said it does not comment on specific cybersecurity episodes.
According to the Pentagon’s assessment, on February 15, Zarya shared screenshots with the Federal Security Service – the main successor agency to the KGB, known by its Russian initials, FSB – which allegedly showed the attacker had the ability to increase valve pressure, deactivate alarms and perform emergency shutdowns of an unspecified gas station in Canada.
On February 25, cyber actors located in Russia compromised the Canadian IP address of an unnamed gas pipeline company and claimed that the damage was sufficient to undermine the company’s profits, according to the assessment, which cites signals intelligence. According to the report, the cyber actors were not looking to “cause human casualties” but to inflict economic damage. By February 27, the group had retained access to the IP address and stood ready to issue further instructions.
IP addresses are unique sequences of numbers assigned to each website, computer, game console or smart phone connected to the internet.
Canada’s Information Technology Security Agency declined to comment on the leaked information, but said in an email that a recent national cyber threat assessment raised concerns about potential disruption to critical infrastructure, in particular internet-connected operational technologies “that underpin industrial processes”.
Canada was one of the strongest critics of Russia’s invasion of Ukraine, imposing sanctions on more than 2,400 Russian individuals and entities.
Canada’s federal cyber protection agency had previously warned that pipelines could be hit by the same type of audacious digital attack that targeted a major US pipeline in May 2021.
At the time, one of the largest oil pipelines in the United States, which carries refined gasoline and jet fuel from Texas to New York via the East Coast, was forced to close after being hit by ransomware, an incident that vividly demonstrated the vulnerability of energy infrastructure to cyberattacks.
Ransomware is a kind of modern hack that has targeted businesses, local governments, and hospitals. In some cases, victims receive emails with links or attachments containing software that encrypts files on their computer and holds them hostage until a ransom is paid.
Experts say that criminal groups with more or less close ties to foreign intelligence services are known to act on their behalf in these attacks.
Attacks on critical infrastructure have been a major concern for a decade, but they have accelerated in recent years in the United States and beyond, following breaches that include the intrusion into SolarWinds by one of the Russian intelligence agencies and another against certain types of systems designed by Microsoft, which has been attributed to Chinese hackers.