{"id":7682,"date":"2022-04-20T09:06:58","date_gmt":"2022-04-20T16:06:58","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7682"},"modified":"2022-04-14T15:39:39","modified_gmt":"2022-04-14T22:39:39","slug":"state-sponsored-russian-threat-actors-are-targeting-the-energy-sector","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/","title":{"rendered":"State-sponsored Russian Threat Actors are Targeting the Energy Sector"},"content":{"rendered":"<p>CISA has published a joint Cybersecurity Advisory (CSA) which is coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE). This advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018. These targeted both U.S. and international Energy Sector organizations. Much of the content in this blog post is sourced directly from the CISA joint alert.<\/p>\n<p>On March 24, 2022, the U.S. Department of Justice unsealed indictments of three Russian Federal Security Service (FSB) officers and a Russian Federation Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) employee for their involvement in the following intrusion campaigns against U.S. and international oil refineries, nuclear facilities, and energy companies.<\/p>\n<p><b>Global Energy Sector Intrusion Campaign, 2011 to 2018<\/b>: the FSB conducted a multi-stage campaign in which they gained remote access to U.S. 
and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data.\u00a0<\/p>\n<ul>\n<li aria-level=\"1\">One of the indicted FSB officers was involved in campaign activity that involved deploying Havex malware to victim networks.\u00a0<\/li>\n<li aria-level=\"1\">The other two indicted FSB officers were involved in activity targeting U.S. Energy Sector networks from 2016 through 2018.<\/li>\n<\/ul>\n<p><b>Compromise of Middle East-based Energy Sector organization with TRITON Malware, 2017<\/b>: Russian cyber actors with ties to the TsNIIKhM gained access to and leveraged TRITON (also known as HatMan) malware to manipulate a foreign oil refinery\u2019s ICS controllers. TRITON was designed to specifically target Schneider Electric\u2019s Triconex Tricon safety systems and is capable of disrupting those systems. Schneider Electric has issued a patch to mitigate the risk of the TRITON malware\u2019s attack vector; however, network defenders should install the patch and remain vigilant against these threat actors\u2019 TTPs.<\/p>\n<ul>\n<li aria-level=\"1\">The indicted TsNIIKhM cyber actor is charged with attempting to access U.S. protected computer networks and to cause damage to an energy facility.<\/li>\n<li aria-level=\"1\">The indicted TsNIIKhM cyber actor was a co-conspirator in the deployment of the TRITON malware in 2017.<\/li>\n<\/ul>\n<p>This CSA provides the TTPs used by indicted FSB and TsNIIKhM actors in cyber operations against the global Energy Sector. Specifically, this advisory maps TTPs used in the global Energy Sector campaign and the compromise of the Middle East-based Energy Sector organization to MITRE ATT&amp;CK frameworks.<\/p>\n<p>CISA, the FBI, and DOE assess that state-sponsored Russian cyber operations continue to pose a threat to U.S. Energy Sector networks. 
CISA, the FBI, and DOE continue to urge the Energy Sector and other critical infrastructure organizations to apply the recommendations listed in the Mitigations section of this advisory and Appendix A.<\/p>\n<p>For more information on Russian state-sponsored malicious cyber activity, see CISA&#8217;s <a href=\"https:\/\/www.cisa.gov\/uscert\/russia\">Russia Cyber Threat Overview and Advisories<\/a> webpage. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure as well as additional mitigation recommendations, see joint CSA <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-011a\">Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure<\/a> and CISA&#8217;s <a href=\"https:\/\/www.cisa.gov\/uscert\/shields-technical-guidance\">Shields Up Technical Guidance<\/a> webpage.<\/p>\n<h3><b>DNS Remains a Prominent Attack Vector<\/b><\/h3>\n<p>This CISA joint alert notes that MITRE ATT&amp;CK Command and Control Tactic TA0011 has been observed, specifically the use of Data Encoding: Standard Encoding Technique T1132.001. As noted in our previous blog, <a href=\"https:\/\/blogs.infoblox.com\/security\/mitre-attck-and-dns\/\">https:\/\/blogs.infoblox.com\/security\/mitre-attck-and-dns\/<\/a>, Technique T1132.001 can utilize DNS in support of establishing and maintaining Command and Control. As always, DNS is part of the threat actor\u2019s toolkit.<\/p>\n<p>DNS is frequently used during the execution of most cyberattacks. This can include ransomware, use as a C&amp;C channel, malware download, and subsequent data exfiltration. All environments and workers can benefit from DNS security for visibility and protection against cyberattacks. 
This can include remote workers, cloud, and on-premises environments.<\/p>\n<p>Russian nation-state-sponsored threat actors may use malicious domains and IP addresses that could already have a reputation and may be identified by using threat intelligence on your DNS infrastructure. In addition, the behavior and context of DNS queries may provide the essential indicators you need to identify and stop a zero-day attack and more advanced threats.<\/p>\n<p>DNS logs are a source of truth to determine what resources and websites a client has been accessing historically. DHCP fingerprint and IPAM metadata provide contextual data on compromised devices. This highly useful information can include the type of device, operating system information, network location, and both current and historical IP address allocations. This information helps the security operations center team more effectively perform event correlation and determine the scope of an ongoing breach.<\/p>\n<p>A June 2021 <a href=\"https:\/\/info.infoblox.com\/resources-whitepapers-gartner-how-can-organizations-use-dns-to-improve-their-security-posture.html\">Gartner report<\/a> recommends organizations leverage DNS logs for threat detection and forensic purposes with their Security Information and Event Management platforms.<\/p>\n<p>To find out more about how Infoblox can help protect your DNS infrastructure, please reach out to us via <a href=\"https:\/\/info.infoblox.com\/contact-form\/\">https:\/\/info.infoblox.com\/contact-form\/<\/a>.<\/p>\n<p>To read the CISA alert directly, please refer to: <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-083a\">https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-083a<\/a><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-7683 aligncenter\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/shields-up.png\" alt=\"\" width=\"512\" height=\"137\" 
srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/shields-up.png 512w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/shields-up-300x80.png 300w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\" \/><\/p>\n<p>Russia\u2019s invasion of Ukraine could impact organizations both within and beyond the region, to include <a href=\"https:\/\/www.cisa.gov\/uscert\/russia\">malicious cyber activity<\/a> against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization\u2014large and small\u2014must be prepared to respond to disruptive cyber incidents. As the nation\u2019s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as a warning to prevent other organizations and entities from falling victim to a similar attack.<\/p>\n<p>Organizations should report anomalous cyber activity and\/or cyber incidents 24\/7 to report@cisa.gov or (888) 282-0870.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA has published a joint Cybersecurity Advisory (CSA) which is coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE). This advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018. These targeted both U.S. 
and international [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":7267,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[334,652,308,677,678,189,679,360],"class_list":{"0":"post-7682","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-cisa","9":"tag-joint-cybersecurity-advisory","10":"tag-fbi","11":"tag-doe","12":"tag-fsb","13":"tag-cybersecurity","14":"tag-triton-malware","15":"tag-dns-security","16":"entry"},"acf":[],
"yoast_head_json":{"title":"State-sponsored Russian Threat Actors are Targeting the Energy Sector","description":"State-sponsored Russian Threat Actors are Targeting the Energy Sector. CISA has published a joint Cybersecurity Advisory (CSA) which is coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE). This advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018. These targeted both U.S. and international Energy Sector organizations. Much of the content in this blog post is sourced directly from the CISA joint alert.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/","og_locale":"en_US","og_type":"article","og_title":"State-sponsored Russian Threat Actors are Targeting the Energy Sector","og_description":"State-sponsored Russian Threat Actors are Targeting the Energy Sector. 
CISA has published a joint Cybersecurity Advisory (CSA) which is coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE). This advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018. These targeted both U.S. and international Energy Sector organizations. Much of the content in this blog post is sourced directly from the CISA joint alert.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/","og_site_name":"Infoblox Blog","article_published_time":"2022-04-20T16:06:58+00:00","og_image":[{"width":509,"height":339,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/pipeline.jpg","type":"image\/jpeg"}],"author":"Michael Zuckerman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Michael Zuckerman","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/"},"author":{"name":"Michael Zuckerman","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4"},"headline":"State-sponsored Russian Threat Actors are Targeting the Energy 
Sector","datePublished":"2022-04-20T16:06:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/"},"wordCount":971,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/pipeline.jpg","keywords":["CISA","Joint Cybersecurity Advisory","FBI","DOE","FSB","Cybersecurity","Triton Malware","DNS Security"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/","url":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/","name":"State-sponsored Russian Threat Actors are Targeting the Energy Sector","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/pipeline.jpg","datePublished":"2022-04-20T16:06:58+00:00","description":"State-sponsored Russian Threat Actors are Targeting the Energy Sector. CISA has published a joint Cybersecurity Advisory (CSA) which is coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE). This advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018. These targeted both U.S. 
and international Energy Sector organizations. Much of the content in this blog post is sourced directly from the CISA joint alert.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/pipeline.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/pipeline.jpg","width":509,"height":339,"caption":"Three pipelines"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/state-sponsored-russian-threat-actors-are-targeting-the-energy-sector\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"State-sponsored Russian Threat Actors are Targeting the Energy 
Sector"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4","name":"Michael Zuckerman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","caption":"Michael Zuckerman"},"description":"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. 
Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.","url":"https:\/\/www.infoblox.com\/blog\/author\/michael-zuckerman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/324"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=7682"}],"version-history":[{"count":3,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7682\/revisions"}],"predecessor-version":[{"id":7687,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7682\/revisions\/7687"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/7267"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=7682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=7682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=7682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}