US-CERT Alert (TA17-293A)
Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors
A joint Technical Alert (TA) has been issued by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) regarding information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.
DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low-security and small networks to gain access and move laterally to networks of major, high-value asset owners within the energy sector.
The threat actors in this ongoing campaign employed a variety of tactics, techniques, and procedures (TTPs) including, but not limited to, industrial control system (ICS) infrastructure targeting.
Upon gaining access to intended victims, the threat actors conducted reconnaissance operations within the network. Specifically, the threat actors focused on identifying and browsing file servers within the intended victim’s network. The threat actors viewed files pertaining to ICS or Supervisory Control and Data Acquisition (SCADA) systems. Based on DHS analysis of existing compromises, these files originally had names containing ICS vendor names and ICS reference documents pertaining to the organization (e.g., “SCADA WIRING DIAGRAM.pdf” or “SCADA PANEL LAYOUTS.xlsx”).
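The following is an added example, not part of the alert: one way a defender could look for the file-server browsing described above in file-access audit events, by flagging accounts that open several ICS-named files in a short window. The log format, keyword list, threshold, host names and account names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed keyword list; extend it with the ICS vendor names used in your environment.
# Letter lookarounds stop "ICS" from matching inside words such as "physics".
ICS_TERMS = re.compile(r"(?<![A-Za-z])(SCADA|ICS|RTU|PLC|HMI)(?![A-Za-z])", re.I)

# Constructed sample events (hypothetical format): timestamp,account,source host,path
SAMPLE_LOG = r"""
2017-10-20T02:11:05,svc_backup,WS-114,\\FS01\Eng\SCADA WIRING DIAGRAM.pdf
2017-10-20T02:12:40,svc_backup,WS-114,\\FS01\Eng\SCADA PANEL LAYOUTS.xlsx
2017-10-20T02:14:02,svc_backup,WS-114,\\FS01\Eng\RTU_config_notes.docx
2017-10-20T09:30:00,jdoe,WS-020,\\FS01\HR\physics_club_flyer.pdf
2017-10-20T09:31:00,jdoe,WS-020,\\FS01\Eng\SCADA WIRING DIAGRAM.pdf
2017-10-20T15:45:00,jdoe,WS-020,\\FS01\Eng\PLC-ladder-export.zip
"""

def parse(log):
    """Yield (timestamp, account, host, path); the path may itself contain commas."""
    for line in log.strip().splitlines():
        ts, account, host, path = line.split(",", 3)
        yield datetime.fromisoformat(ts), account, host, path

def flag_ics_browsing(log, window=timedelta(minutes=10), threshold=3):
    """Return {account: sorted distinct ICS-named files} for every account that
    opened at least `threshold` distinct such files inside one `window`."""
    hits = defaultdict(list)
    for ts, account, _host, path in parse(log):
        name = path.rsplit("\\", 1)[-1]          # match on the file name only
        if ICS_TERMS.search(name):
            hits[account].append((ts, path))
    flagged = {}
    for account, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # try each event as a window start
            files = {p for t, p in events[i:] if t - start <= window}
            if len(files) >= threshold:
                flagged[account] = sorted(files)
                break
    return flagged

if __name__ == "__main__":
    for account, files in flag_ics_browsing(SAMPLE_LOG).items():
        print(account, len(files), "ICS-named files:", files)
```

Tune the window and threshold against normal engineering activity, since staff who work with these documents daily will otherwise dominate the results.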
The Motorola Solutions ACE3600 RTU for mission-critical control systems handles large volumes of data for more complex process automation and monitoring. Because it is at the edge of your Industrial IoT and controls and manages any number of operational technologies remotely, it is inherently designed with robust security from the start.
Protect all points of entry, limit points of vulnerability, and prevent attempts to compromise any part of your system and data with these proven security methodologies.
- Security policy enforcement
- Access control
- Role-based access control
- Intrusion detection system
- Application control software (whitelisting)
- Encryption - FIPS 140-2 certified, 256-bit AES (Advanced Encryption Standard) algorithm
- Unused port deactivation
- Time-window commands
- Secured programming