Colonial Pipeline hackers 'in Russia used a SINGLE compromised password in cyber assault' that caused US gas crisis
THE RUSSIAN hackers responsible for shutting down Colonial Pipeline used one single compromised password, according to reports.
The cyberattack on Colonial Pipeline, which transports 45 percent of all fuel consumed on the east coast, caused a gas crisis.
As the largest refined oil pipeline in the U.S., Colonial Pipeline normally transports 2.5 million barrels of gas per day, supplying gasoline and diesel to the east coast and jet fuel to major airports.
Colonial Pipeline shut down on April 29 after it was hacked by the Russian crime group DarkSide.
The group targets large corporations, gains access to the victim's confidential data, and then threatens to leak it if a ransom isn't paid.
Now it's been revealed the hackers used a virtual private network account – used by employees to remotely access the company's network – to gain access.
Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., said that although the account was no longer being used by employees, it could still access the network.
And the account's password has since been discovered, along with other leaked passwords, on the dark web, reports Bloomberg.
But Carmakal says he is unsure how the hacker got the password, and that they may never know for certain.
And although the hackers had gotten the password, it is not known how they figured out the username.
“We did a pretty exhaustive search of the environment to try and determine how they actually got those credentials,” Carmakal said.
“We don’t see any evidence of phishing for the employee whose credentials were used. We have not seen any other evidence of attacker activity before April 29.”
Meanwhile, JBS USA was hacked on Sunday, causing all of the company's US-based meatpacking plants to shut down operations.
The Russia-based hacking group REvil is suspected to be behind that attack.
The White House has stepped up its response to the attacks, confirming that they are engaging "directly with the Russian government."
Asked if he would "retaliate against Russia for this latest ransomware attack," President Joe Biden said: "We're looking closely at that issue."
However, the president said "no" when the reporter then asked if he thought Russian President Vladimir Putin was "testing" him.
On Wednesday, the White House said that Biden would bring up the issue of cyber-attacks when he meets with Russian President Vladimir Putin in two weeks in Geneva.
Earlier this week FBI Director Christopher Wray called on officials to step up their response to the cyberattacks, comparing them to the 9/11 terror attacks.
"There are a lot of parallels, there's a lot of importance, and a lot of focus by us on disruption and prevention," Wray told the Wall Street Journal.
"There's a shared responsibility, not just across government agencies but across the private sector and even the average American," Wray said.