Hackers targeted U.S. LNG producers on eve of Russia-Ukraine war - Bloomberg

lyash01/iStock via Getty Images

Hackers gained access last month to computers belonging to current and former employees at nearly two dozen major natural gas producers, including Chevron (NYSE:CVX), Cheniere Energy (NYSE:LNG) and Kinder Morgan (NYSE:KMI), Bloomberg reports.

The attacks targeted suppliers and exporters of liquefied natural gas and were the first stage in an effort to infiltrate the sector, according to Gene Yoo, top executive at Resecurity Inc., which discovered the operation.

The motive of the operation is not known, but the timing coincides with broader changes in the energy industry that have been accelerated by Russia's invasion of Ukraine; Yoo tells Bloomberg that he believes the attack was carried out by Russian state-sponsored hackers.

It is not clear whether the attacks are directly related to the attack on Ukraine, but Resecurity said the hacks began about two weeks before the invasion, according to Bloomberg.

At an investor conference last week, Chevron CEO Mike Wirth said cyberattacks were the biggest risk facing the company.

EQT Corp. (NYSE:EQT) CEO Toby Rice told the CERAWeek conference in Houston on Monday that cyberattacks targeting the company have "gone up significantly" since the start of the Russian invasion.

Cheniere Energy said earlier that it signed an EPC contract with Bechtel to begin early site work at the Corpus Christi Stage 3 Project.

Comments

[ginsaw]

Probably a naive question, but just curious. How do you go about hacking an institution's computer without the computer password? If you can't get the password, then what? Unless of course it's an inside job or something.

And I know there are phishing tactics, but what if they are anticipated, ignored, deleted or avoided? What if browsing history and websites visited are cleaned every day and passwords and user IDs are constantly changed? And what if passwords are used having so many different kinds of characters chosen at random that even a computer would take a long time to run through every possible variation?

The hacking all seems to an amateur much harder than it must be...

[RUBYRUBY3]

@ginsaw
Software Updates replace the real one with your own, not easy but has been done

[Wapiti19]

Don’t we have some smart enough people to hack them back ?

[RUBYRUBY3]

@Wapiti19
Wait till US wants first strike on Russia then shut down their launch buttons
No point showing them what you can do.

[Gass man]

@RUBYRUBY3 I wish I had your faith. “Pentagon Official Says He Resigned Because US Cybersecurity Is No Match for China” this was the measure of our cyber leadership.

[RUBYRUBY3]

@Gass man
"No Match "

thehill.com/...

Was not about ability to attack today.
AI is mostly research once it makes money US business fast to cash in and talent comes with it.

[PreCambrian]

When I worked for Chevron as a control system engineer in upstream process control systems, my colleagues and I would become highly annoyed at the very tight security that IT had on all corporate systems. The process networks and the business networks are completely separate. Only company computers can access the networks. A computer that accesses process systems can’t access administrative systems and vice versa. All computers have physical 2FA and the physical card is the same physical device that gives you access to any corporate facility so if it is lost it is known immediately. All computers are up to date on cyber security software and all other software. I am not saying that a hack is impossible but it will be much more difficult than the Colonial Pipeline hack. Chevron has professionals and I understand why now.

[YCantIRetire]

@PreCambrian
You might want to read the linked Bloomberg article.

www.bnnbloomberg.ca/...

[PreCambrian]

@YCantIRetire I read it. The security won’t stop an employee that is compromised (bribed) except that connected computers are scanned often by system network software. Theft of a password shouldn’t allow access since there is a hard key 2FA plus a requirement for a corporate computer. On the process control side every system is scanned at least daily to see if any unauthorized changes have been made. Like I said, a hack won’t be impossible just much more difficult than typical corporate systems. The fact that they are bribing employees shows that the networks are relatively well protected. Probably even more restrictions will be put in place. Covid probably greatly increased the number of remote laptops at the company. It was difficult to obtain one previously.

[smcguyer]

@PreCambrian There is a group of hackers attacking Russia now. Various news stories, perhaps industry professionals can comment on this.
www.washingtonexaminer.com/...

[Simon Chatham]

Mr Putin seems focused on restoring Russia to what he sees as Soviet era greatness. I can't believe he wants to stimulate German re-armament, and expand NATO presence on his borders. But, he may see the democratic regime change in Ukraine as an existential threat to his legitimacy.

[jebstuart]

Nothing will come of this attempted sabotage, cause of the lack of intestinal fortitude in this country.

[Safety Dance]

@jebstuart Yup they already hacked Colonial Pipeline and the admin response was meh it's between Colonial and the hackers in regards to the ransom payment.

[fhbecker]

@Safety Dance I thought the response was to put 16 industries off limits to Putin. Guess they forgot to also mention invading neighboring countries. Oh, well live and learn.

www.foxbusiness.com/...

[User 3434471]

The Russians began their war on Ukraine with an attack on America. Did he forget we are a nuclear power? Does this not frighten him? Nor should it frighten us when he makes his empty threats about using nukes or how sanctions are declarations of war.

He knows he would not survive more than minutes afterwards. Putin loves Putin too much to do that

any hacker working for a foreign country perpetrating a military attack on our infrastructure should be treated no different than they treated Al-Qaeda.

[CashFlow13]

@donfdraper I'm sure Putin as well as our leaders will be alive for years after a nuclear fallout. They will all go to the various bunkers below ground that have been built.

[User 3434471]

@CashFlow13 Doubt it. Nothing built when all these bunkers were built are going to withstand a modern nuclear weapon or the apocalypse on earth it would create. Everybody would die. The best he could hope for is surviving in a dark room for a little while. Probably unable to exit the bunker-turned-tomb he was in. If he did make it to the surface, he'd die within hours. There would be nobody left alive to treat his radiation sickness or other injuries, give him any food, or any water that wasn't contaminated. Nobody would be there to dig his bunker out of the rubble with the necessary equipment. The equipment would be gone too.

That's not to say he and others in Russia aren't delusional enough to think they could survive, but they wouldn't.

[oportunity]

@donfdraper I'd like to see that backed up with some proof. Emergency preparedness of that sort would have ensured that those facilities are up to date, ready to go, and possess all the supplies, equipment, and professional personnel to support the leadership and (likely) the wealthy of the U.S. Same would apply in other countries, but certainly in the U.S. How can you have the most technologically advanced military and not be over-prepared for Armageddon?