Cyber Command, the US military’s hacking unit, has conducted offensive cyber operations in support of Ukraine

Luke 21:9-10: [Jesus said] “When you hear of wars and revolutions, do not be frightened. These things must happen first, but the end will not come right away.” Then he said to them, “Nation will rise against nation, and kingdom against kingdom.”

Important Takeaways:

  • “We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations”
  • Cyberspace is a domain in which the Biden administration feels comfortable countering Russia without fear of escalation
  • “Cyber warfare is a new domain … It hasn’t been around long enough for any one nation-state to dominate it.”

Read the original article by clicking here.

Vietnam unveils 10,000-strong cyber unit to combat ‘wrong views’

Men use computers at an internet cafe in Bim Son town, outside Hanoi, Vietnam May 15, 2017.

HANOI (Reuters) – Vietnam has unveiled a new, 10,000-strong military cyber warfare unit to counter “wrong” views on the Internet, media reported, amid a widening crackdown on critics of the one-party state.

The cyber unit, named Force 47, is already in operation in several sectors, Tuoi Tre newspaper quoted Lieutenant General Nguyen Trong Nghia, deputy head of the military’s political department, as saying at a conference of the Central Propaganda Department on Monday in the commercial hub of Ho Chi Minh City.

“In every hour, minute, and second we must be ready to fight proactively against the wrong views,” the paper quoted the general as saying.

Communist-ruled Vietnam has stepped up attempts to tame the internet, calling for closer watch over social networks and for the removal of content that it deems offensive, but there has been little sign of it silencing criticism when the companies providing the platforms are global.

Its neighbor China, in contrast, allows only local internet companies operating under strict rules.

The number of staff compares with the 6,000 reportedly employed by North Korea. However, the general’s comments suggest its force may be focused largely on domestic internet users whereas North Korea is internationally focused because the internet is not available to the public at large.

In August, Vietnam’s president said the country needed to pay greater attention to controlling “news sites and blogs with bad and dangerous content”.

Vietnam, one of the top 10 countries for Facebook users by numbers, has also drafted an internet security bill asking for local placement of Facebook and Google servers, but the bill has been the subject of heated debate at the National Assembly and is still pending assembly approval.

Cyber security firm FireEye Inc  said Vietnam had “built up considerable cyber espionage capabilities in a region with relatively weak defenses”.

“Vietnam is certainly not alone. FireEye has observed a proliferation in offensive capabilities … This proliferation has implications for many parties, including governments, journalists, activists and even multinational firms,” a spokesman at FireEye, who requested anonymity, told Reuters.

“Cyber espionage is increasingly attractive to nation states, in part because it can provide access to a significant amount of information with a modest investment, plausible deniability and limited risk,” he added.

Vietnam denies such charges.

Vietnam has in recent months stepped up measures to silence critics. A court last month jailed a blogger for seven years for “conducting propaganda against the state”.

In a separate, similar case last month, a court upheld a 10-year jail sentence for a prominent blogger.

(Reporting by Mi Nguyen in HANOI; Additional reporting by Amy Sawitta Lefevre in BANGKOK and Eric Auchard in FRANKFURT; Editing by Amy Sawitta Lefevre and Nick Macfie)

Vietnam unveils 10,000-strong cyber unit to combat ‘wrong views’

An internet user browses through the Vietnamese government's new Facebook page in Hanoi December 30, 2015.

HANOI (Reuters) – Vietnam has unveiled a new, 10,000-strong military cyber warfare unit to counter “wrong” views on the Internet, media reported, amid a widening crackdown on critics of the one-party state.

The cyber unit, named Force 47, is already in operation in several sectors, Tuoi Tre newspaper quoted Lieutenant General Nguyen Trong Nghia, deputy head of the military’s political department, as saying at a conference of the Central Propaganda Department on Monday in the commercial hub of Ho Chi Minh City.

“In every hour, minute, and second we must be ready to fight proactively against the wrong views,” the paper quoted the general as saying.

Communist-ruled Vietnam has stepped up attempts to tame the internet, calling for closer watch over social networks and for the removal of content that it deems offensive, but there has been little sign of it silencing criticism when the companies providing the platforms are global.

Its neighbor China, in contrast, allows only local internet companies operating under strict rules.

The number of staff compares with the 6,000 reportedly employed by North Korea. However, the general’s comments suggest its force may be focused largely on domestic internet users whereas North Korea is internationally focused because the internet is not available to the public at large.

In August, Vietnam’s president said the country needed to pay greater attention to controlling “news sites and blogs with bad and dangerous content”.

Vietnam, one of the top 10 countries for Facebook users by numbers, has also drafted an internet security bill asking for local placement of Facebook and Google servers, but the bill has been the subject of heated debate at the National Assembly and is still pending assembly approval.

Cyber security firm FireEye Inc said Vietnam had “built up considerable cyber espionage capabilities in a region with relatively weak defenses”.

“Vietnam is certainly not alone. FireEye has observed a proliferation in offensive capabilities … This proliferation has implications for many parties, including governments, journalists, activists and even multinational firms,” a spokesman at FireEye, who requested anonymity, told Reuters.

“Cyber espionage is increasingly attractive to nation states, in part because it can provide access to a significant amount of information with a modest investment, plausible deniability and limited risk,” he added.

Vietnam denies such charges.

Vietnam has in recent months stepped up measures to silence critics. A court last month jailed a blogger for seven years for “conducting propaganda against the state”.

In a separate, similar case last month, a court upheld a 10-year jail sentence for a prominent blogger.

(Reporting by Mi Nguyen in HANOI; Additional reporting by Amy Sawitta Lefevre in BANGKOK and Eric Auchard in FRANKFURT; Editing by Amy Sawitta Lefevre and Nick Macfie)

NATO mulls ‘offensive defense’ with cyber warfare rules

NATO mulls 'offensive defense' with cyber warfare rules

By Robin Emmott

TARTU, Estonia (Reuters) – A group of NATO allies are considering a more muscular response to state-sponsored computer hackers that could involve using cyber attacks to bring down enemy networks, officials said.

The United States, Britain, Germany, Norway, Spain, Denmark and the Netherlands are drawing up cyber warfare principles to guide their militaries on what justifies deploying cyber attack weapons more broadly, aiming for agreement by early 2019.

The doctrine could shift NATO’s approach from being defensive to confronting hackers that officials say Russia, China and North Korea use to try to undermine Western governments and steal technology.

“There’s a change in the (NATO) mindset to accept that computers, just like aircraft and ships, have an offensive capability,” said U.S. Navy Commander Michael Widmann at the NATO Cooperative Cyber Defence Centre of Excellence, a research center affiliated to NATO that is coordinating doctrine writing.

Washington already has cyber weapons, such as computer code to take down websites or shut down IT systems, and in 2011 declared that it would respond to hostile cyber acts.

The United States, and possibly Israel, are widely believed to have been behind “Stuxnet”, a computer virus that destroyed nuclear centrifuges in Iran in 2010. Neither has confirmed it.

Some NATO allies believe shutting down an enemy power plant through a cyber attack could be more effective than air strikes.

“I need to do a certain mission and I have an air asset, I also have a cyber asset. What fits best for the me to get the effect I want?” Widmann said.

The 29-nation NATO alliance recognized cyber as a domain of warfare, along with land, air and sea, in 2014, but has not outlined in detail what that entails.

In Europe, the issue of deploying malware is sensitive because democratic governments do not want to be seen to be using the same tactics as an authoritarian regime. Commanders and experts have focused on defending their networks and blocking attempts at malicious manipulation of data.

Senior Baltic and British security officials say they have intelligence showing persistent Russian cyber hacks to try to bring down European energy and telecommunications networks, coupled with Internet disinformation campaigns.

They believe Russia is trying to break Western unity over economic sanctions imposed over Moscow’s 2014 annexation of Crimea and its support for separatists in eastern Ukraine.

“They (Russia) are seeking to attack the cohesion of NATO,” said a senior British security official, who said the balance between war and peace was becoming blurred in the virtual world. “It looks quite strategic.”

Moscow has repeatedly denied any such cyber attacks.

ESTONIAN ‘CYBER COMMAND’

The United States, Britain, the Netherlands, Germany and France have “cyber commands” — special headquarters to combat cyber espionage and hacks of critical infrastructure.

Estonia, which was hit by one of the world’s first large-scale cyber attacks a decade ago, aims to open a cyber command next year and make it fully operational by 2020, with offensive cyber weapons.

“You cannot only defend in cyberspace,” said Erki Kodar, Estonia’s undersecretary for legal and administrative affairs who oversees cyber policy at the defense ministry.

Across the globe this year computer hackers have disrupted multinational firms, ports and public services on an unprecedented scale, raising awareness of the issue.

NATO held its biggest ever cyber exercise this week at a military base in southern Estonia, testing 25 NATO allies against a fictional state-sponsored hacker group seeking to infiltrate NATO air defense and communication networks.

“The fictional scenarios are based on real threats,” said Estonian army Lieutenant-Colonel Anders Kuusk, who ran the exercise.

NATO’s commanders will not develop cyber weapons but allied defense ministers agreed last month that NATO commanders can request nations to allow them use of their weapons if requested.

(Reporting by Robin Emmott; Editing by Peter Graff)

Ransomware virus hits computer servers across the globe

A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko

By Jack Stubbs and Pavel Polityuk

MOSCOW/KIEV (Reuters) – A ransomware attack hit computers across the world on Tuesday, taking out servers at Russia’s biggest oil company, disrupting operations at Ukrainian banks, and shutting down computers at multinational shipping and advertising firms.

Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch.

“It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.

He said he expected the outbreak to spread in the Americas as workers turned on vulnerable machines, allowing the virus to attack. “This could hit the U.S.A. pretty bad,” he said.

The U.S. Department of Homeland Security said it was monitoring reports of cyber attacks around the world and coordinating with other countries.

The first reports of organizations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain.

Within hours, the attack had gone global.

Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said the attack had caused outages at its computer systems across the world on Tuesday, including at its terminal in Los Angeles.

Pharmaceutical company Merck & Co said its computer network had been affected by the global hack.

A Swiss government agency also reported computer systems were affected in India, though the country’s cyber security agency said it had yet to receive any reports of attacks.

“DON’T WASTE YOUR TIME”

After the Wannacry attack, organizations around the globe were advised to beef up IT security.

“Unfortunately, businesses are still not ready and currently more than 80 companies are affected,” said Nikolay Grebennikov, vice president for R&D at data protection firm Acronis.

One of the victims of Tuesday’s cyber attack, a Ukrainian media company, said its computers were blocked and it had a demand for $300 worth of the Bitcoin crypto-currency to restore access to its files.

“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted by Ukraine’s Channel 24.

The same message appeared on computers at Maersk offices in Rotterdam and at businesses affected in Norway.

Other companies that said they had been hit by a cyber attack included Russian oil producer Rosneft, French construction materials firm Saint Gobain and the world’s biggest advertising agency, WPP – though it was not clear if their problems were caused by the same virus.

“The building has come to a standstill. It’s fine, we’ve just had to switch everything off,” said one WPP employee who asked not to be named.

WANNACRY AGAIN

Cyber security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of hacking tool exploited by WannaCry, and to identify ways to stop the onslaught.

Experts said the latest ransomware attacks unfolding worldwide, dubbed GoldenEye, were a variant of an existing ransomware family called Petya.

It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender.

“There is no workaround to help victims retrieve the decryption keys from the computer,” the company said.

Russian security software maker Kaspersky Lab, however, said its preliminary findings suggested the virus was not a variant of Petya but a new ransomware not seen before.

Last’s month’s fast-spreading WannaCry ransomware attack was crippled after a 22-year-old British security researcher Marcus Hutchins created a so-called kill-switch that experts hailed as the decisive step in slowing the attack.

Any organization that heeded strongly worded warnings in recent months from Microsoft Corp to urgently install a security patch and take other steps appeared to be protected against the latest attacks.

Ukraine was particularly badly hit, with Prime Minister Volodymyr Groysman describing the attacks on his country as “unprecedented”.

An advisor to Ukraine’s interior minister said the virus got into computer systems via “phishing” emails written in Russian and Ukrainian designed to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

Yevhen Dykhne, director of the Ukrainian capital’s Boryspil Airport, said it had been hit. “In connection with the irregular situation, some flight delays are possible,” Dykhne said in a post on Facebook. A Reuters reporter who visited the airport late on Tuesday said flights were operating as normal.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the government’s computer network had gone down and the central bank said a operation at a number of banks and companies, including the state power distributor, had been disrupted by the attack.

“As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations,” the central bank said in a statement.

Russia’s Rosneft, one of the world’s biggest crude producers by volume, said its systems had suffered “serious consequences” from the attack. It said it avoided any impact on oil production by switching to backup systems.

The Russian central bank said there were isolated cases of lenders’ IT systems being infected by the cyber attack. One consumer lender, Home Credit, had to suspend client operations.

(Additional reporting by European bureaux and Jim Finkle in Toronto; writing by Christian Lowe; editing by David Clarke)

Oddities in WannaCry ransomware puzzle cybersecurity researchers

Cables and computers are seen inside a data centre at an office in the heart of the financial district in London, Britain May 15, 2017. REUTERS/Dylan Martinez

By Jeremy Wagstaff

SINGAPORE (Reuters) – The WannaCry malware that spread to more than 100 countries in a few hours is throwing up several surprises for cybersecurity researchers, including how it gained its initial foothold, how it spread so fast and why the hackers are not making much money from it.

Some researchers have found evidence they say could link North Korea with the attack, but others are more cautious, saying that the first step is shedding light on even the most basic questions about the malware itself.

For one thing, said IBM Security’s Caleb Barlow, researchers are still unsure exactly how the malware spread in the first place. Most cybersecurity companies have blamed phishing e-mails – e-mails containing malicious attachments or links to files – that download the ransomware.

That’s how most ransomware finds its way onto victims’ computers.

The problem in the WannaCry case is that despite digging through the company’s database of more than 1 billion e-mails dating back to March 1, Barlow’s team could find none linked to the attack.

“Once one victim inside a network is infected it propagates,” Boston-based Barlow said in a phone interview, describing a vulnerability in Microsoft Windows that allows the worm to move from one computer to another.

The NSA used the Microsoft flaw to build a hacking tool codenamed EternalBlue that ended up in the hands of a mysterious group called the Shadow Brokers, which then published that and other such tools online.

But the puzzle is how the first person in each network was infected with the worm. “It’s statistically very unusual that we’d scan and find no indicators,” Barlow said.

Other researchers agree. “Right now there is no clear indication of the first compromise for WannaCry,” said Budiman Tsjin of RSA Security, a part of Dell.

Knowing how malware infects and spreads is key to being able to stop existing attacks and anticipate new ones. “How the hell did this get on there, and could this be repeatedly used again?” said Barlow.

PALTRY RANSOM

Some cybersecurity companies, however, say they’ve found a few samples of the phishing e-mails. FireEye said it was aware customers had used its reports to successfully identify some associated with the attack.

But the company agrees that the malware relied less on phishing e-mails than other attacks. Once a certain number of infections was established, it was able to use the Microsoft vulnerability to propagate without their help.

There are other surprises, that suggest this is not an ordinary ransomware attack.

Only paltry sums were collected by the hackers, according to available evidence, mostly in the bitcoin cryptocurrency.

There were only three bitcoin wallets and the campaign has far earned only $50,000 or so, despite the widespread infections. Barlow said that single payments in some other ransomware cases were more than that, depending on the victim.

Jonathan Levin of Chainalysis, which monitors bitcoin payments, said there were other differences compared to most ransomware campaigns: for instance the lack of sophisticated methods used in previous cases to convince victims to pay up. In the past, this has included hot lines in various languages.

And so far, Levin said, the bitcoin that had been paid into the attackers’ wallets remained there – compared to another campaign, known as Locky, which made $15 million while regularly emptying the bitcoin wallets.

“They really aren’t set up well to handle their bitcoin payments,” Levin said.

The lack of sophistication may bolster those cybersecurity researchers who say they have found evidence that could link North Korea to the attack.

A senior researcher from South Korea’s Hauri Labs, Simon Choi, said on Tuesday the reclusive state had been developing and testing ransomware programs only since August. In one case, the hackers demanded bitcoin in exchange for client information they had stolen from a South Korean shopping mall.

Choi, who has done extensive research into North Korea’s hacking capabilities, said his findings matched those of Symantec and Kaspersky Lab, who say some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.

The Lazarus hackers have however been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cybersecurity firms. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.

Whoever is found to be behind the attack, said Marin Ivezic, a cybersecurity partner at PwC in Hong Kong, the way the hackers used freely available tools so effectively may be what makes this campaign more worrying.

By bundling a tool farmed from the leaked NSA files with their own ransomware, “they achieved better distribution than anything they could have achieved in a traditional way” he said.

“EternalBlue (the hacking tool) has now demonstrated the ROI (return on investment) of the right sort of worm and this will become the focus of research for cybercriminals,” Ivezic said.

(Additional reporting Ju-Min Park in Seoul, Editing by Raju Gopalakrishnan)

China warns against cyber ‘battlefield’ in internet strategy

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su

BEIJING (Reuters) – The strengthening of cyber capabilities is an important part of China’s military modernization, the government said on Wednesday, warning that the internet should not become “a new battlefield”.

China, home to the largest number of internet users, has long called for greater cooperation among countries in developing and governing the internet, while reiterating the need to respect “cyber sovereignty”.

But Beijing, which operates the world’s most sophisticated online censorship mechanism known elsewhere as the “Great Firewall”, has also signaled that it wants to rectify “imbalances” in the way standards across cyberspace are set.

“The building of national defense cyberspace capabilities is an important part of China’s military modernization,” the Foreign Ministry and the Cyberspace Administration of China, the country’s internet regulator, said in a strategy paper on the ministry’s website.

China will help the military in its important role of “safeguarding national cyberspace sovereignty, security and development interests” and “hasten the building of cyberspace capabilities”, they said, but also called on countries to “guard against cyberspace becoming a new battlefield”.

Countries should not engage in internet activities that harm nations’ security, interfere in their internal affairs, and “should not engage in cyber hegemony”.

“Enhancing deterrence, pursing absolute security and engaging in a (cyber) arms race – this is a road to nowhere,” Long Zhao, the Foreign Ministry’s coordinator of cyberspace affairs, said at a briefing on the strategy.

“China is deeply worried by the increase of cyber attacks around the world,” Long said.

The United States has accused China’s government and military of cyber attacks on U.S. government computer systems. China denies the accusations and says it is a victim of hacking.

A cyber attack from China crashed the website of South Korea’s Lotte Duty Free on Thursday, a company official said, at a time when South Korean firms are reporting difficulties in China following the deployment of a U.S. missile defense system in South Korea that China objects to.

While China’s influence in global technology has grown, its ruling Communist Party led by President Xi Jinping has presided over broader and more vigorous efforts to control and censor the flow of information online.

The “Great Firewall” blocks many social media services, such as Twitter, Facebook, YouTube, Instagram, Snapchat and Google, along with sites run by human rights groups and those of some foreign media agencies.

Chinese officials say the country’s internet is thriving and controls are needed for security and stability.

(Reporting by Michael Martina and Catherine Cadell; Editing by Nick Macfie)

‘Digital Geneva Convention’ needed to deter nation-state hacking: Microsoft president

microsoft president brad smith

By Dustin Volz

SAN FRANCISCO (Reuters) – Microsoft President Brad Smith on Tuesday pressed the world’s governments to form an international body to protect civilians from state-sponsored hacking, saying recent high-profile attacks showed a need for global norms to police government activity in cyberspace.

Countries need to develop and abide by global rules for cyber attacks similar to those established for armed conflict at the 1949 Geneva Convention that followed World War Two, Smith said. Technology companies, he added, need to preserve trust and stability online by pledging neutrality in cyber conflict.

“We need a Digital Geneva Convention that will commit governments to implement the norms needed to protect civilians on the internet in times of peace,” Smith said in a blog post.

Smith outlined his proposal during keynote remarks at this week’s RSA cybersecurity conference in San Francisco, following a 2016 U.S. presidential election marred by the hacking and disclosure of Democratic Party emails that U.S. intelligence agencies concluded were carried out by Russia in order to help Republican Donald Trump win.

Cyber attacks have increasingly been used in recent years by governments to achieve foreign policy or national security objectives, sometimes in direct support of traditional battlefield operations. Despite a rise in attacks on governments, infrastructure and political institutions, few international agreements currently exist governing acceptable use of nation-state cyber attacks.

The United States and China signed a bilateral pledge in 2015 to refrain from hacking companies in order to steal intellectual property. A similar deal was forged months later among the Group of 20 nations.

Smith said President Donald Trump has an opportunity to build on those agreements by sitting down with Russian President Vladimir Putin to “hammer out a future agreement to ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures.”

A Digital Geneva Convention would benefit from the creation of an independent organization to investigate and publicly disclose evidence that attributes nation-state attacks to specific countries, Smith said in his blog post.

Smith likened such an organization, which would include technical experts from governments and the private sector, to the International Atomic Energy Agency, a watchdog based at the United Nations that works to deter the use of nuclear weapons.

Smith also said the technology sector needed to work collectively and neutrally to protect internet users around the world from cyber attacks, including a pledge not to aid governments in offensive activity and the adoption of a coordinated disclosure process for software and hardware vulnerabilities.

(Reporting by Dustin Volz; Editing by Dan Grebler)

Ukraine’s power outage was a cyber attack: Ukrenergo

Dispatchers at Ukraine's national power company

By Pavel Polityuk, Oleg Vukmanovic and Stephen Jewkes

KIEV/MILAN (Reuters) – A power blackout in Ukraine’s capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday.

When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine.

Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station “North”, were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters.

“The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion,” Ukrenergo said.

Law enforcement officials and cyber experts are still working to compile a chronology of events, draw up a list of compromised accounts, and determine the penetration point, while tracing computers potentially infected with malware in sleep mode, it said.

The comments make no mention of which individual, group or country may have been behind the attack.

“It was an intentional cyber incident not meant to be on a large scale… they actually attacked more but couldn’t achieve all their goals,” said Marina Krotofil, lead cyber-security researcher at Honeywell, who assisted in the investigation.

In December 2015, a first-of-its-kind cyber attack cut the lights to 225,000 people in western Ukraine, with hackers also sabotaging power distribution equipment, complicating attempts to restore power.

Ukrainian security services blamed that attack on Russia.

In the latest attack, hackers are thought to have hidden in Ukrenergo’s IT network undetected for six months, acquiring privileges to access systems and figure out their workings, before taking methodical steps to take the power offline, Krotofil said.

“The team involved had quite a few people working in it, with very serious tools and an engineer who understands the power infrastructure,” she said.

The attacks against Ukraine’s power grid are widely seen by experts as the first examples of hackers shutting off critical energy systems supplying heat and light to millions of homes.

(Writing by Oleg Vukmanovic; reporting by Pavel Polityuk in Kiev, Oleg Vukmanovic and Stephen Jewkes in Milan; editing by Susan Fenton/Ruth Pitchford)

Russia says facing increased cyber attacks from abroad

graphic representing hacking or cyber attacks

MOSCOW (Reuters) – Russia is facing increased cyber attacks from abroad, a senior security official was quoted on Sunday as saying, responding to Western accusations that Moscow is aggressively targeting information networks in the United States and Europe.

U.S. intelligence agencies say Russian President Vladimir Putin ordered a cyber campaign aimed at boosting Donald Trump’s electoral chances by discrediting his Democrat rival Hillary Clinton in the 2016 presidential campaign.

Russia has dismissed the accusations as a “witch-hunt”.

“Recently we have noted a significant increase in attempts to inflict harm on Russia’s informational systems from external forces,” Nikolai Patrushev, secretary of Russia’s Security Council, told the Rossiiskaya Gazeta daily, according to excerpts of an interview to be published in full on Monday.

“The global (Internet) operators and providers are widely used, while the methods they use constantly evolve,” said Patrushev, a former head of the FSB secret service and a close ally of Putin.

Patrushev accused the outgoing U.S. administration of President Barack Obama of “deliberately ignoring the fact that the main Internet servers are based on the territory of the United States and are used by Washington for intelligence and other purposes aimed at retaining its global domination”.

But he added that Moscow hoped to establish “constructive contacts” with the Trump administration. Trump, who praised Putin during the election campaign and has called for better ties with Moscow, will be inaugurated as president on Jan. 20.

(Reporting by Vladimir Soldatkin; Editing by Gareth Jones)