Delta Elektroniks highly likely supported by the Russian government and a direct threat to energy sector supply chain operations

Treadstone 71 asserts with high confidence that Delta Elektroniks (DE) is likely a front company directly associated with Energetic Bear (Dragonfly), and the equipment purchased from DE is vulnerable to supply chain threats due to malware embedded in the Taiwanese Delta Electronics (T-DE) programmable logic controller (PLC) software. T-DE is not aware of the infections allowing customers to download and install infected PLC software for the initial purposes of cyber espionage. Long-term intentions include possible physical sabotage operations and the potential to manipulate markets through false accidents (real but not due to human error or technology failure) to artificially drive up stocks (or down). Speculation of oil prices targeted to drive revenue when the price per barrel is too low to sustain economic plans. The PLCs appear to be genuine production parts with malware introduced post-production. Verification of Oleg Vladimirovich Strekozov’s identity is incomplete; the name is likely fictitious and probably state-sponsored. Evidence that suggests this outcome:

Malware Targets SCADA Devices

  • TTPs are like Dragonfly (Strekozov as defined) or Energetic Bear (B2)
  • Targeting SCADA devices is consistent with espionage practices (B2)
    • Provides hackers a foothold into US critical infrastructure via trusted downloads – Delta Website in Taiwan (as one of many)
  • A copycat website in Russia is suspicious and consistent with masquerade techniques (C3)
  • A legitimate Russian business would not conduct themselves in such a way (C2)
  • Multiple other sites deliver the same software (C3) …

The full report: Intelligence Games in the Power Grid – 2016

The associated PPTX: Treadstone 71 Intelligence Games in the Power Grid

Our defenses are built for outside in. This is already in.  Anti-virus scanners do not detect any of this only sandbox analysis. ‘Trusted’ software is being downloaded from multiple different sites in multiple different languages covering multiple different industries. Data centers, buildings, power plants, hospitals, public safety, dams, nuclear facilities, financial services data centers, oil pipelines, military facilities, hotels, industrial automation, building automation, energy and ICT infrastructure, embedded power, automotive electronics (ships/boats), embedded power, various components thereof, merchant and mobile power, telecom energy, and renewable energy non-inclusively.

Recent reports from Symantec (outside in):

http://www.eweek.com/security/dragonfly-2.0-hackers-targeting-the-energy-sector-symantec-finds

https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group

https://www.reuters.com/article/us-usa-cyber-energy/u-s-warns-public-about-attacks-on-energy-industrial-firms-idUSKBN1CQ0IN RELEASED OCTOBER 20/21