Full Report
New research from Cyble has revealed the emergence of a new Russian hacktivist group on the dark web... (Source: Industrial Cyber, "Cyble details Russian hacktivist group Sector 16 targeting US oil infrastructure in alarming data breaches".)
Analysis Summary
# Threat Actor: Sector 16
## Attribution & Identity
- Emerged in January as a new Russian hacktivist group.
- Associated with **Z-Pentest**, with whom it announced a public alliance; both groups' logos appear in the demonstration videos.
## Activity Summary
- Collaborated with Z-Pentest to launch an attack against a Supervisory Control and Data Acquisition (SCADA) system managing U.S. oil pumps and storage tanks in Texas.
- Claimed responsibility for unauthorized access to the control systems of a U.S. oil and gas production facility.
- Released a video demonstrating access to critical infrastructure control interfaces, including shutdown management, production monitoring, tank level readings, gas lift operations, and LACT (Lease Automatic Custody Transfer) data.
- Displayed access to valve control interfaces, pressure monitoring, and flow measurement data.
- As with other Russian hacktivist groups, the activity appears aimed at establishing credibility and intimidating critical infrastructure operators rather than at verified physical disruption; note, however, that Z-Pentest has previously claimed to have disrupted a U.S. oil well system.
## Tactics, Techniques & Procedures
- Targeting and accessing Operational Technology (OT)/Industrial Control Systems (ICS), specifically SCADA environments.
- Demonstration of control via interfaces for shutdown management, pressure monitoring, and flow measurement.
- Publicly displaying collaboration and branding (logos) to amplify credibility.
## Targeting
- Sectors: Oil & Gas, Critical Infrastructure (specifically SCADA systems).
- Geography: United States (Texas facility).
- Victims: U.S. oil and gas production facility; SCADA system managing oil pumps and storage tanks.
## Tools & Infrastructure
- Malware families used: none reported; the claimed activity is interactive access to SCADA control interfaces rather than malware deployment.
- Infrastructure (C2, domains, IPs): Not specified.
## Implications
- High threat to critical infrastructure, particularly the energy sector, due to the demonstrated access and control over essential components like valves and shutdown mechanisms.
- The alliance between Sector 16 and Z-Pentest suggests coordinated operations, which increases both the capability and the visibility of these groups' cyber-physical intrusions.
## Mitigations
- Zero trust access controls: no implicit trust for remote sessions into control interfaces; every session is authenticated and authorized, with multi-factor authentication on all remote access paths.
- Risk-based vulnerability management, prioritizing internet-reachable and remotely accessible OT assets.
- Network segmentation: isolate OT/ICS networks from IT networks and from direct internet exposure, and route any vendor or remote access through a monitored jump host in a DMZ rather than directly to control systems.
- Tamper-proof (offline or immutable) backups of PLC programs, HMI projects and SCADA configurations so that systems can be restored after unauthorized changes.
- Robust network and endpoint monitoring, including ICS-protocol-aware monitoring in OT segments, to detect unauthorized sessions against control interfaces.
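The segmentation point above is the one operators can verify mechanically. The following added example (not code from Cyble, Industrial Cyber, or either hacktivist group) audits a zone-based firewall policy for allow rules that give IT or internet sources a path into OT on ICS-protocol or remote-access ports. The zones, the rule sets, and the severity scheme are constructed assumptions; the port table uses the well-known defaults for each protocol. A weak policy is shown beside a hardened one in which vendor access terminates on a DMZ jump host instead of reaching the PLC subnet directly.

```python
"""Audit a zone-based firewall policy for rules that expose OT/ICS services
to IT or Internet sources. Added illustration of the segmentation advice;
zones, rules and the severity scheme are constructed assumptions."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Optional

# Default TCP ports of common ICS protocols and remote-access services.
ICS_PORTS = {
    102: "S7comm/ISO-TSAP",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
}
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}

# Constructed Purdue-style zones; any prefix not inside one counts as INTERNET.
ZONES = {
    "OT": [ip_network("10.20.0.0/16")],
    "DMZ": [ip_network("10.10.0.0/24")],
    "IT": [ip_network("10.0.0.0/16")],
}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int]   # None = any TCP port
    action: str            # "allow" or "deny"


@dataclass(frozen=True)
class Finding:
    rule: str
    src_zone: str
    service: str
    severity: str


def zone_of(cidr: str) -> str:
    """Zone that fully contains the prefix. A wider or foreign prefix is
    treated as INTERNET, so an over-broad source is judged conservatively."""
    net = ip_network(cidr)
    for zone, prefixes in ZONES.items():
        if any(net.subnet_of(p) for p in prefixes):
            return zone
    return "INTERNET"


def severity(src_zone: str, dport: Optional[int]) -> Optional[str]:
    """Rate an allow rule whose destination lies in OT; None = not flagged."""
    if src_zone == "INTERNET" or dport is None:
        return "CRITICAL"           # direct internet reach, or any-port access
    if dport in ICS_PORTS:
        return "HIGH"               # IT/DMZ hosts speaking ICS protocols
    if dport in REMOTE_ACCESS_PORTS:
        return "HIGH" if src_zone == "IT" else "MEDIUM"  # DMZ jump host: review
    return None                     # other services are out of scope here


def service_name(dport: Optional[int]) -> str:
    if dport is None:
        return "any port"
    return ICS_PORTS.get(dport) or REMOTE_ACCESS_PORTS.get(dport) or f"tcp/{dport}"


def audit(policy: List[Rule]) -> List[Finding]:
    """Per-rule check of allows from non-OT zones into OT. It ignores rule
    ordering and shadowing, which a real policy evaluation must model."""
    findings = []
    for r in policy:
        if r.action != "allow" or zone_of(r.dst) != "OT":
            continue
        src_zone = zone_of(r.src)
        if src_zone == "OT":
            continue
        sev = severity(src_zone, r.dport)
        if sev is not None:
            findings.append(Finding(r.name, src_zone, service_name(r.dport), sev))
    return findings


# Weak policy (constructed): the patterns the check is meant to catch.
WEAK_POLICY = [
    Rule("hist-to-dmz", "10.20.5.0/24", "10.10.0.10/32", 443, "allow"),     # OT->DMZ push: fine
    Rule("jump-to-plc-vnc", "10.10.0.5/32", "10.20.1.0/24", 5900, "allow"), # DMZ jump host
    Rule("it-modbus", "10.0.0.0/16", "10.20.1.0/24", 502, "allow"),         # IT speaks Modbus
    Rule("vendor-remote", "0.0.0.0/0", "10.20.1.7/32", 5900, "allow"),      # VNC from anywhere
    Rule("legacy-any", "10.0.0.0/16", "10.20.0.0/16", None, "allow"),       # IT->OT any port
    Rule("block-rest", "0.0.0.0/0", "10.20.0.0/16", None, "deny"),
]

# Hardened policy (constructed): vendor access terminates on the DMZ jump
# host, IT has no direct path into OT, only the jump host reaches the PLCs.
HARDENED_POLICY = [
    Rule("hist-to-dmz", "10.20.5.0/24", "10.10.0.10/32", 443, "allow"),
    Rule("vendor-vpn-to-jump", "0.0.0.0/0", "10.10.0.5/32", 443, "allow"),
    Rule("jump-to-plc-vnc", "10.10.0.5/32", "10.20.1.0/24", 5900, "allow"),
    Rule("block-rest", "0.0.0.0/0", "10.20.0.0/16", None, "deny"),
]

if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"== {label} policy ==")
        for f in audit(policy):
            print(f"{f.severity:8} {f.rule}: {f.src_zone} -> OT {f.service}")
```

Running the block prints four findings for the weak policy (the internet-facing VNC rule and the any-port IT rule rated CRITICAL) and a single MEDIUM finding for the hardened one, the jump-host VNC path, which is the conscious, monitored exception an operator should keep under review rather than something the check is expected to eliminate.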