Critical US water systems are being targeted by China and Iran State Department warns

Water-system

Important Takeaways:

  • The Biden administration is warning states to be on guard for cyberattacks against water systems, citing ongoing threats from hackers linked to the governments of Iran and China.
  • “Disabling cyberattacks are striking water and wastewater systems throughout the United States,” Environmental Protection Agency Administrator Michael Regan and National Security Advisor Jake Sullivan wrote in a letter to governors made public Tuesday. “These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”
  • Hackers affiliated with the Iranian Government Islamic Revolutionary Guard Corps have attacked drinking water systems, while a People’s Republic of China state-sponsored group, Volt Typhoon, has compromised information technology of drinking water and other critical infrastructure systems, the letter warned.
  • “Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts,” said the letter.

Read the original article by clicking here.

Russia to move all business to local internet. Experts say Putin could launch offensive cyber-attack

Revelations 6:3-4 “ when he opened the second seal, I heard the second living creature say, “Come!” 4 And out came another horse, bright red. Its rider was permitted to take peace from the earth, so that people should slay one another, and he was given a great sword.

Important Takeaways:

  • Russia to launch ‘hybrid warfare’ against UK this week with wave of cyber-attacks
  • Vladimir Putin has ordered all Russian businesses to sever internet connections with the West by Tuesday, in a move that experts say may herald the launch of offensive cyber-attacks.
  • The orders came to light at the same time as a Russian spy ship, Yantar, left her home port of Severomorsk, in Murmansk.
  • Though officially used for oceanographic research, the 5,372-ton vessel is actually a mothership for two unmanned submarines capable of cutting data cables laid deep on the ocean floor.
  • Russia has been trying to insulate itself from the World Wide Web for many years to mitigate the impact of Western surveillance.

Read the original article by clicking here.

Warning to financial firms to be prepared for Cyber-attack

Revelations 6:3-4 “ when he opened the second seal, I heard the second living creature say, “Come!” 4 And out came another horse, bright red. Its rider was permitted to take peace from the earth, so that people should slay one another, and he was given a great sword.

Important Takeaways:

  • US warns of potential Russian cyberattacks on wealth managers
  • U.S. officials have already blamed Russia for at least two rounds of attacks on Ukrainian websites in February — the largest in the country’s history — and have alerted American financial institutions to be on the lookout for increased cyber activity.
  • “While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” DHS’ Cybersecurity and Infrastructure Security Agency said in the letter.

Read the original article by clicking here.

Russia Keeps Nuclear Personnel on High Alert as Peace Talks are Underway

Matthew 24:6 “And you will hear of wars and rumors of wars. See that you are not alarmed, for this must take place, but the end is not yet.”

Important Takeaways:

  • Ukraine, Russia envoys talk under shadow of nuclear threat
  • In a war being waged both on the ground and online, cyberattacks hit Ukrainian embassies around the world, and Russian media.
  • Western nations ramped up the pressure with a freeze on Russia’s hard currency reserves, threatening to bring Russia’s economy to its knees. Russians withdrew savings and sought to shed rubles for dollars and euros, while Russian businesses scrambled to protect their finances.
  • The U.S., European Union and Britain also agreed to block selected Russian banks from the SWIFT system, which facilitates moving money around thousands of banks and other financial institutions worldwide.
  • Ukrainian authorities have been handing out weapons to anyone willing to defend the city. Ukraine is also releasing prisoners with military experience who want to fight, and training people to make firebombs.
  • In another possible escalation, neighboring Belarus could send troops to help Russia as soon as Monday, according to a senior American intelligence official with direct knowledge of current U.S. intelligence assessments.
  • On Monday, the Defense Ministry said extra personnel were deployed to Russian nuclear forces, and that the high alert status applies to all their components: the forces that oversee land-based intercontinental ballistic missiles, submarine-launched intercontinental ballistic missiles, and the fleet of nuclear-capable strategic bombers.
  • Exact death tolls are unclear, but the U.N. human rights chief said 102 civilians have been killed and hundreds wounded in five days of fighting — warning that figure was likely a vast undercount — and Ukraine’s president said at least 16 children were among the dead. More than 500,000 people have fled the country since the invasion, another U.N. official said

Read the original article by clicking here.

Ukraine-Russia Crisis: Cyberattacks Could Affect U.S.

Important Takeaways:

  • If Russia mounts cyberattacks against the United States, the targets could include banks, power plants, water treatment facilities, and communications. Cyber experts say Russia has the capability to disable or destroy U.S. satellites. Those attacks could also impact GPS for navigation, farming, automation, and oil exploration.
  • “Our food supply, things that have to do with our power supply, utilities,” cybersecurity expert Ian Marlow said. “Utilities have been brought down and then you don’t have service.”

Read the original article by clicking here.

Possible “Hybrid War” if talks fail, Archbishop of Latvia

Matthew 24:6 You will hear of wars and rumors of wars, but see to it that you are not alarmed. Such things must happen, but the end is still to come.

Important Takeaways:

  • Latvian Archbishop: If Putin Attacks Ukraine ‘We Will Be Next’
  • “If Vladimir Putin attacks Ukraine, we — the Baltic states — will be next, and then Poland too,” said Stankiewicz, the archbishop of Riga, Latvia’s capital. “If there is no dialogue, it will be very dangerous and could lead to a military situation.”
  • The archbishop said that Latvia fears a possible “hybrid war” combining military and non-military measures, such as propaganda and cyberattacks, used to destabilize the country.

Read the original article by clicking here.

North Korea developing nuclear, missile programs in 2021 -U.N. report

By Michelle Nichols

UNITED NATIONS (Reuters) – North Korea continued developing its nuclear and ballistic missile programs during the first half of 2021 in violation of international sanctions and despite the country’s worsening economic situation, according to an excerpt of a confidential United Nations report seen by Reuters on Friday.

The report by a panel of independent sanctions monitors to the U.N. Security Council North Korea sanctions committee said Pyongyang “continued to seek material and technology for these programs overseas.”

“Despite the country’s focus on its worsening economic travails, the Democratic People’s Republic of Korea continued to maintain and develop its nuclear and ballistic missile programs,” the sanctions monitors concluded.

North Korea is formally known as the Democratic People’s Republic of Korea (DPRK). North Korea’s mission to the United Nations in New York did not immediately respond to a request for comment on the U.N. report.

The isolated Asian nation imposed a strict lockdown last year amid the coronavirus pandemic that has slashed its trade and aid access, hurting an economy already burdened by international sanctions.

In June, leader Kim Jong Un said the country faced a “tense” food situation and much would depend on this year’s harvests.

“Statements made by DPRK suggested a deepening humanitarian crisis in the country, although the COVID-19 blockade means that the relative impact of sanctions on the humanitarian situation has probably decreased,” the U.N. monitors wrote.

“With trade all but stopped by the blockade, and last year’s harvest badly affected by floods, the current prospects of the wider DPRK population are poor,” they said.

North Korea has been subjected to U.N. sanctions since 2006 over its nuclear and ballistic missile programs. The Security Council has steadily strengthened sanctions in a bid to cut off funding for the programs.

Among the sanctions imposed are a ban on the export of coal and other commodities and the import of oil.

“Maritime exports from DPRK of coal and other sanctioned commodities continued, but at a much reduced level. The import of oil products reported to the panel fell substantially in the first half of the year,” according to the U.N. report.

Pyongyang also continued to access international financial institutions and North Korean workers continued to earn money overseas for use in state programs, said the U.N. sanctions monitors, adding: “Officials overseas continued to feel pressure to develop revenue streams.”

The monitors said they were continuing to investigate North Korea’s involvement in global cyber activity and collaboration by North Korean academics and universities with scientific institutes abroad, “focusing on studies with potential applications in WMD (weapons of mass destruction) programs.”

The U.N. sanctions monitors have previously reported that North Korea has stolen hundreds of millions of dollars using cyberattacks.

(Reporting by Michelle Nichols; Editing by Mark Potter)

Biden, Putin to meet in Geneva on June 16 amid disagreements

By Nandita Bose and Arshad Mohammed

WASHINGTON (Reuters) -U.S. President Joe Biden and Russian President Vladimir Putin will meet in Geneva on June 16, the White House and the Kremlin said on Tuesday amid sharp disputes over election interference, cyberattacks, human rights and Ukraine.

Earlier this month, Reuters reported that both countries were lowering expectations for breakthroughs at the superpower summit, with neither in a mood to make concessions on their disagreements.

“The leaders will discuss the full range of pressing issues, as we seek to restore predictability and stability to the U.S.-Russia relationship,” White House Press Secretary Jen Psaki said on Tuesday.

The Kremlin said in a statement that the two leaders would discuss bilateral ties, problems related to strategic nuclear stability, and other issues including cooperation in the fight against COVID-19 and regional conflicts.

Biden has previously said he wants Putin to stop trying to influence U.S. elections, stop cyberattacks on U.S. networks emanating from Russia, stop threatening Ukraine’s sovereignty and release jailed Kremlin critic Alexei Navalny.

The White House has avoided describing Biden as seeking a “reset” in relations with Putin, a term often used by former U.S. presidents as they seek to improve relations with Russia.

Rather, U.S. officials see the face-to-face meeting as an opportunity to tilt the relationship away from what they view as former President Donald Trump’s fawning overtures to Putin.

Russian officials told Reuters they regard the summit as an opportunity to hear from Biden directly after what a source close to the Russian government said were mixed messages from the U.S. administration that took office on Jan. 20.

Putin views U.S. pressure over Navalny and its support for pro-democracy activists in Russia and Belarus as tantamount to interfering in Russian domestic affairs.

Russia is also unhappy about U.S. sanctions, including those announced on April 15 that included curbs to the Russian sovereign debt market to punish Moscow for interfering in the 2020 U.S. election, cyber hacking, bullying Ukraine and other alleged malign actions which Russia denies.

The U.S. government blacklisted Russian companies, expelled Russian diplomats and barred U.S. banks from buying sovereign bonds from Russia’s central bank, national wealth fund and Finance Ministry. The United States warned Russia that more penalties were possible but said it did not want to escalate.

Russia denies meddling in U.S. elections, orchestrating a cyber hack that used U.S. tech company SolarWinds Corp SWI.N to penetrate U.S. government networks and employing a nerve agent to poison Navalny, who is imprisoned on charges he says are politically motivated.

Biden has also voiced concerns about the buildup of Russian forces in Crimea, which Russia seized from Ukraine in March 2014, and along the border with Ukraine, which have raised U.S. worries about a possible invasion.

Another topic likely to come up is Western outrage at Belarus, which scrambled a fighter and forced a Ryanair plane to land on Sunday in Minsk, where authorities arrested a Belarusian dissident journalist aboard the plane.

Russia has denied reports four of its citizens got off the plane in Minsk, which sparked suspicions of Russian involvement.

(Reporting by Susan Heavey and Nandita Bose; Writing by Arshad Mohammed; Editing by Doina Chiacu and Howard Goller)

Pipeline outage causes U.S. gasoline supply crunch, panic buying

By Laura Sanicola and Devika Krishna Kumar

(Reuters) -Gas stations from Florida to Virginia began running dry and prices at the pump rose on Tuesday, as the shutdown of the biggest U.S. fuel pipeline by hackers extended into a fifth day and sparked panic buying by motorists.

The administration of U.S. President Joe Biden projected that the Colonial Pipeline, source of nearly half the fuel supply on the U.S. East Coast, would restart in a few days and urged drivers not to top up their tanks.

“We are asking people not to hoard,” U.S. Energy Secretary Jennifer Granholm told reporters at the White House. “Things will be back to normal soon.”

Colonial was shut on Friday after hackers launched a ransomware attack – effectively locking up its computer systems and demanding payment to release them – and the company has said it is hoping to “substantially” restart by the end of this week.

But the outage, which has underscored the vulnerability of vital U.S. infrastructure to cyberattacks, has already started to hurt.

About 7.5% of gas stations in Virginia and 5% in North Carolina had no fuel on Tuesday as demand jumped 20%, tracking firm GasBuddy said. Unleaded gas prices, meanwhile, neared an average $2.99 a gallon, its highest price since November 2014, the American Automobile Association said.

In an effort to ease the strain on consumers, Georgia suspended sales tax on gas until Saturday, and North Carolina declared an emergency. The U.S. federal government, meanwhile, has loosened rules to make it easier for suppliers to refill storage, including lifting seasonal anti-smog requirements for gasoline and allowing fuel truckers to work longer hours.

Granholm said there is not a shortage but a gasoline supply “crunch” in North Carolina, South Carolina, Tennessee, Georgia and Southern Virginia, regions that typically rely on Colonial for fuel.

Driver Caroline Richardson said she was paying 15 cents more per gallon than a week ago as she refueled at a gas station in Sumter, South Carolina. “I know some friends who decided not to go out of town this weekend to save gas,” she said.

DARKSIDE HACK

The strike on Colonial “is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” Ohio Senator Rob Portman told a Senate hearing on cybersecurity threats on Tuesday.

The FBI has accused a shadowy criminal gang called DarkSide of the ransomware attack. DarkSide is believed to be based in Russia or Eastern Europe and avoids targeting computers that use languages from former Soviet republics, cyber experts say.

Russia’s embassy in the United States rejected speculation that Moscow was behind the attack. President Joe Biden a day earlier said there was no evidence so far that Russia was responsible.

A statement issued in DarkSide’s name on Monday said: “Our goal is to make money, and not creating problems for society.”

It is unknown how much money the hackers are seeking, and Colonial has not commented on whether it would pay.

“Cyber attacks on our nation’s infrastructure are growing more sophisticated, frequent and aggressive,” Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), said on Tuesday at a Senate hearing on the SolarWinds hack that hit companies and government agencies.

GOVERNMENT STEPS IN

The Environmental Protection Agency issued a waiver on Tuesday that allows distributors to continue supplying winter fuel blends through May 18 in three Mid-Atlantic states to help ease supplies.

North Carolina and the U.S. Department of Transportation, meanwhile, relaxed fuel-driver rules, allowing truckers hauling gasoline to work longer hours. North Carolina and Virginia have both declared a state of emergency.

The U.S. has also started the work needed to enable temporary waivers of Jones Act vessels in response to the cyber attack – something that would allow foreign flagged fuel carriers to move from one U.S. port to another, the Transportation Department said.

There are growing concerns that the pipeline outage could lead to further price spikes ahead of the Memorial Day weekend at the end of this month. The weekend is the traditional start of the busy summer driving season.

Gulf Coast refiners that rely on Colonial’s pipeline to move their products have cut processing. Total SE trimmed gasoline production at its Port Arthur, Texas, refinery and Citgo Petroleum pared back at its Lake Charles, Louisiana, plant, sources told Reuters.

Marathon Petroleum is “making adjustments” to its operations due to the pipeline shutdown, a spokesman said without providing details.

While the pipeline outage is having big short-term consequences in some regions, some experts believe the longer term impact will be small.

“Markets will go crazy, but two weeks later no one knows it happened,” said Chuck Watson, director of research at ENKI, which studies the economic effects of natural and other disasters.

(Reporting by Laura Sanicola, Stephanie Kelly and Devika Krishna Kumar; Additional reporting by Nandita Bose; Editing by Paul Simao, Cynthia Osterman and Grant McCool)

Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike

By Raphael Satter, Jack Stubbs and Christopher Bing

WASHINGTON/LONDON (Reuters) – Elite hackers tried to break into the World Health Organization earlier this month, sources told Reuters, part of what a senior agency official said was a more than two-fold increase in cyberattacks.

WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear, but the effort was unsuccessful. He warned that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus, which has killed more than 15,000 worldwide.

The attempted break-in at the WHO was first flagged to Reuters by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity.

Urbelis said he picked up on the activity around March 13, when a group of hackers he’d been following activated a malicious site mimicking the WHO’s internal email system.

“I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” he said.

Urbelis said he didn’t know who was responsible, but two other sources briefed on the matter said they suspected an advanced group of hackers known as DarkHotel, which has been conducting cyber-espionage operations since at least 2007.

Messages sent to email addresses maintained by the hackers went unreturned.

When asked by Reuters about the incident, the WHO’s Aggio confirmed that the site spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staffers.

“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” Aggio said in a telephone interview. “There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”

The WHO published an alert last month – available here warning that hackers are posing as the agency to steal money and sensitive information from the public.

The motives in the case identified by Reuters aren’t clear. United Nations agencies, the WHO among them, are regularly targeted by digital espionage campaigns and Aggio declined to say who precisely at the organization the hackers had in their sights.

Cybersecurity firms including Romania’s Bitdefender and Moscow-based Kaspersky said they have traced many of DarkHotel’s operations to East Asia – an area that has been particularly affected by the coronavirus. Specific targets have included government employees and business executives in places such as China, North Korea, Japan, and the United States.

Costin Raiu, head of global research and analysis at Kaspersky, could not confirm that DarkHotel was responsible for the WHO attack but said the same malicious web infrastructure had also been used to target other healthcare and humanitarian organizations in recent weeks.

“At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country,” he said.

Officials and cybersecurity experts have warned that hackers of all stripes are seeking to capitalize on international concern over the spread of the coronavirus.

Urbelis said he has tracked thousands of coronavirus-themed web sites being set up daily, many of them obviously malicious.

“It’s still around 2,000 a day,” he said. “I have never seen anything like this.”

(Additional reporting by Hyonhee Shin in Seoul; Editing by Chris Sanders and Edward Tobin)