Russian cyber-attacks on the West appear to have reached a new peak, with ‘suspicious cyber activity’ reported on a White House computer network.
Meanwhile, the Russian BlackEnergy malware, which has been plaguing victims including NATO, European governments and industrial companies, has been found on industrial control systems running SCADA human-machine interface (HMI) software from at least three major suppliers.
The White House breach was revealed by Reuters and The Washington Post late yesterday. Reuters said that ‘suspicious cyber activity’ was spotted in recent weeks on an unclassified computer network used by employees of the Executive Office of the President (EOP).
According to The Washington Post, the hackers were thought to be working for the Russian Government, and the breach resulted in service disruptions while cyber security teams worked to contain the intrusion.
But White House officials said the intruders did no damage and no classified network was hacked.
Reuters quoted an anonymous official as saying: “In the course of assessing recent threats we identified activity of concern on the unclassified EOP network. We took immediate measures to evaluate and mitigate the activity. Our actions are ongoing.”
According to the Post, the US was informed of the breach by an ally country. The FBI, Secret Service and National Security Agency are all investigating.
Meanwhile, on the same day, the US Government's ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) revealed that the Russian BlackEnergy malware has been found on systems running industrial control software from GE, Advantech and Siemens, in a campaign that stretches back at least three years and is ongoing.
The products involved are GE Cimplicity, Advantech/BroadWin WebAccess and Siemens WinCC, all HMI software used by operators to monitor and control industrial processes. ICS-CERT said: “It is currently unknown whether other vendors' products have also been targeted. ICS-CERT is working with the involved vendors to evaluate this activity and also notify their users of the linkages to this campaign.”
ICS-CERT found no attempts to damage or disrupt the victims' industrial control processes, and has not been able to verify whether the intruders moved beyond the compromised HMIs into the remainder of the underlying control system.
But it warns: “Typical malware deployments have included modules that search out any network-connected file shares and removable media for additional lateral movement within the affected environment.”