PUTIN’S CYBERWAR It is not just the broadcast media that APT28 have targeted, either. Print media have also fallen victim to cyberattacks. In December 2014, a prominent military correspondent for a large US newspaper suffered a cyberattack on his personal email address, which likely leaked his credentials. 30 Later the same month, APT28 attacked around 55 employees of the same newspaper on their work email accounts. A year earlier, in late 2013, a journalist received an email from the Chief Coordinator of US-based Reason Magazine’s Caucasian Issues Department. The email welcomed him as a contributor and requested topic ideas and identification information in order to establish him at the magazine. This ought to have piqued the journalist’s interest, as the magazine does not have such a department. Nevertheless, the journalist opened one of the files attached to the email and, unbeknown to him, unleashed malware on to his computer. The malware, it was later established, had been created by 31 APT28. 4.5 Industry In 2014, an unnamed steel mill somewhere in Germany was hit by cyberattacks, with massive real- life (or, to use the technical term, “cyber-to-physical”) effects. It is not clear when the attack in Germany took place, but it came to light in Germany’s annual IT Security report, released just 32 before Christmas. The report, issued by Germany’s Federal Office for Information Security, said that hackers had gained access to the steel mill through the plant’s business network, and then worked their way through various networks to access systems controlling plant equipment. They had such control that a blast furnace could not be properly shut down, resulting in “massive” – 33 though unspecified – damage. The hackers infiltrated the corporate network using a spear-phishing attack. Once they had a foothold on one system, they were able to explore the company’s networks and eventually compromise a “multitude” of systems, including industrial components on the production network. Digital traces left in the system point to Russian involvement, but not conclusively to the government 34 itself, according to a US intelligence assessment. 4.6 Energy In late 2015, two of Ukraine’s energy companies – one in Ivano-Frankivsk Oblast and the other in Kyiv Oblast – were hit by cyberattacks, leaving some 80,000 homes without power. Hackers had entered the two companies’ management systems, possibly through a spear-phishing campaign, and disconnected breakers at their energy substations. At roughly the same time, the companies’ telephone call centres were hit by a DDoS attack. The hackers then paralysed the entire companies’ systems, and malware affected computers and servers. In most cases, power was restored within three hours, but because the hackers had sabotaged the companies’ management systems, 30 Hacquebord, F. ‘Operation Pawn Storm Ramps Up its Activities; Targets NATO, White House’, TrendMicro, 16 April 2015, available at: http://blog.trendmicro.com/trendlabs-security-intelligence/operation-pawn-storm-ramps-up-its-activities-targets-nato-white-house/, last visited: 13 May 2016. 31 The Dukes: 7 years of Russian cyberespionage”, F-Secure Labs Threat Intelligence Whitepaper, 29 January 2011, pp. 10-11. 32 ‘Die Lage der IT-Sicherheit in Deutschland 2014’, Bundesamt für Sicherheit in der Informationstechnik, 15 December 2014, available at: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2014.pdf?__blob=publicationFile, last visited: 6 May 2016. 33 Zetter, K. ‘A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever’, Wired, 1 August 2015, available at: http://www.wired.com/2015/01/german-steel-mill-hack-destruction/, last visited: 6 May 2016. 34 Riley, M. and Jordan Robertson, ‘Cyberspace Becomes Second Front in Russia’s Clash With NATO’, Bloomberg, 14 October 2015. 8
Putin's Cyberwar Page 10 Page 12