Russian-aligned hackers seek to disrupt Canadian energy sector, intelligence agency warns

One of Canada’s intelligence agencies warns that non-state threat actors aligned with Russia will continue their attempts to compromise the country’s oil and gas sector until the end of the war in Ukraine.

The warning is contained in the Communications Security Establishment’s latest threat assessment, released on Wednesday.

“We assess that the intent of this activity is highly likely to disrupt essential services for psychological impact, ultimately weakening Canadian support to Ukraine. We estimate that this activity will almost certainly continue for the duration of the war and will likely increase as Russian invasion efforts fail or new support for Ukraine is announced,” the report said.

The foreign signals and cyber-intelligence agency said that while non-state actors aligned with Russia might be less sophisticated and technically capable than their Kremlin-sponsored counterparts, they can still do damage.

“We assess that there is an equal chance that a disruptive incident in the oil and gas sector in Canada will be caused by Russian-aligned actors, due to their higher risk tolerance, increased number and their activity, as well as the number of vulnerable people targeted across the sector,” the CSE report states.

The agency said those seeking to disrupt Canada’s oil and gas supply are likely seeking to target bottlenecks – such as large-diameter pipeline networks, transfer terminals and major refining facilities.

The threat assessment comes months after a set of leaked US intelligence documents suggested that Russian-backed hackers had gained access to Canada’s natural gas distribution network.

In April, the Canadian Centre for Cyber Security at CSE, the government’s cybersecurity authority, said it could not comment on the leak. It said it had a confirmed report that an actor “had the potential to cause physical damage to Canadian critical infrastructure.”

Wednesday’s report, which is aimed at oil and gas company executives and those working in their cyber departments, warns that multiple actors — from cybercriminals to foreign adversaries — pose a threat to the sector.

Ransomware is the main threat: report

“We believe that commercial email compromise and ransomware, in particular, is almost certainly the number one cyber threat facing the Canadian oil and gas sector. Ransomware is almost certainly the number one cyber threat to Canadians’ reliable oil and gas supply,” the report states.

In 2021, a ransomware attack on Colonial Pipeline, an 8,880-kilometer-long pipeline that runs along the East Coast, took tens of millions of liters of gasoline offline.

A customer pumps gas at Costco as others line up in 2021 following the cyberextortion attempt on the Colonial Pipeline, a vital US pipeline that carries fuel from the Gulf Coast to the northeast. (Chris Carlson/Associated Press)

“It was estimated that at the time the pipeline was restarted, the eastern United States was only days away from experiencing food and other shortages due to the disruption of fuel supplies from other sectors such as trucking,” says the CSE report.

“It’s hard to overstate the importance of the oil and gas sector to national security because so much of our critical infrastructure depends on oil and gas products to function.”

The CSE said state-sponsored actors, meanwhile, are likely to continue to target the sector for commercial and economic reasons – hunting for trade secrets, research and business and production plans.

“We believe that since the oil and gas sector is critical infrastructure, it is most likely a strategic target for state-sponsored cyber activity aimed at projecting state power, particularly in times of crisis. geopolitical tension,” the report said.

CSE says Russia unlikely to attack infrastructure

The CSE said state-sponsored actors would “most likely” prey on operational technology (OT) networks that control industry assets. The agency has long warned that industry’s move to connect operational hardware to information technology could make those systems more vulnerable.

“State-sponsored actors are almost certainly working to improve their ability to sabotage OT in critical infrastructure,” the report read.

But even if state actors like Russia are in a position to attack Canada’s energy supplies, that doesn’t mean they plan to do so, CSE said.

While Russian state-sponsored cyber actors are almost certainly carrying out reconnaissance activities against Canadian operators, “it is highly unlikely that a state-sponsored cyber actor will intentionally disrupt or damage oil and gas infrastructure in Canada outside of hostilities,” the report said.

“We find it highly unlikely that Russian state-sponsored actors will choose to carry out a destructive attack on Canadian or allied oil and gas infrastructure outside of an imminent armed conflict between Canada and Russia.”

The report ends with a plea for the oil and gas sector to strengthen its security.

“State-sponsored cyber activity against the oil and gas sector has become a regular feature of global cyber threat activity, particularly in times of increasing geopolitical tensions,” the report said.

“State-sponsored politically motivated cyber threat actors, including Russia, China and Iran, have targeted the global energy sector for both espionage and disruption/destruction.”
