Delta Elektroniks highly likely supported by the Russian government and a direct threat to energy sector supply chain operations
Treadstone 71 asserts with high confidence that Delta Elektroniks (DE) is a front company directly associated with Energetic Bear (Dragonfly). Equipment purchased from DE is exposed to a supply-chain threat: malware is embedded in the programmable logic controller (PLC) software of the Taiwanese vendor Delta Electronics (T-DE). T-DE appears unaware of the infection, so customers download and install the infected PLC software from what they consider a trusted source; the initial purpose is cyber espionage. Longer-term intentions include possible physical sabotage and market manipulation through "accidents" that are real but attributable neither to human error nor to technology failure, used to drive stock prices up or down. Oil-price manipulation is a speculated target, generating revenue when the price per barrel is too low to sustain economic plans. The PLCs themselves appear to be genuine production parts; the malware is introduced post-production in the software. Verification of Oleg Vladimirovich Strekozov's identity is incomplete; the name is likely fictitious and the persona probably state-sponsored. Evidence that suggests this outcome (letter/number codes such as B2 or C3 are Admiralty-scale source reliability and information credibility ratings):
Purely a Treadstone 71 effort
Malware Targets SCADA Devices
- TTPs resemble those of Dragonfly (Strekozov, as defined above) or Energetic Bear (B2)
- Targeting SCADA devices is consistent with espionage practices (B2)
- Provides attackers a foothold into US critical infrastructure via trusted downloads, the Delta website in Taiwan being one of many distribution points
- A copycat website in Russia is suspicious and consistent with masquerade techniques (C3)
- A legitimate Russian business would not conduct itself in such a way (C2)
- Multiple other sites deliver the same software (C3) …
NOTE: An alternative explanation is that the T-DE PLC software is simply poorly written and vulnerable by default. Scans of the T-DE website indicate web-application vulnerabilities, including SQL injection weaknesses.
The full report: Treadstone 71 Intelligence Games in the Power Grid (PDF)
The associated slides: Treadstone 71 Intelligence Games in the Power Grid (PPTX)
Our defenses are built outside-in. This threat is already inside. Anti-virus scanners do not detect any of it; only sandbox analysis does. 'Trusted' software is being downloaded from many different sites, in many languages, covering many industries, including (non-exhaustively): data centers, buildings, power plants, hospitals, public safety, dams, nuclear facilities, financial services data centers, oil pipelines, military facilities, hotels, industrial automation, building automation, energy and ICT infrastructure, embedded power and its components, automotive electronics (ships/boats), merchant and mobile power, telecom energy, and renewable energy.
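The practical control against a trojanized vendor download is integrity verification before the installer ever touches an engineering workstation: compare the SHA-256 of every copy against a hash list obtained from the vendor out of band, and compare copies of the same file pulled from different mirrors against each other. The script below is an added example written for this page, not code from Treadstone 71 or from Delta Electronics; the filenames, mirror hostnames, and installer bytes are all constructed for illustration.

```python
"""
Added example (not from the original report): integrity checks for vendor
PLC software downloads.

Two independent checks:
  1. Manifest check: each downloaded installer's SHA-256 must match the hash
     the vendor publishes. The manifest must come from a separate channel
     (signed e-mail, printed in the manual, fetched over a different network),
     because a manifest served by the same compromised site proves nothing.
  2. Cross-mirror check: the same filename fetched from several mirrors must
     hash identically. A mirror serving a different blob is flagged even when
     no manifest is available.

Everything below (file contents, filenames, hostnames) is constructed.
"""
import hashlib
import hmac
from collections import defaultdict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed installer contents. GENUINE stands in for the vendor build;
# TROJANED is the same file with an appended payload, as a tampered mirror
# might serve it.
GENUINE = b"MZ\x90\x00 constructed genuine plc programmer installer"
TROJANED = GENUINE + b"\x00constructed extra payload"

# Constructed vendor manifest, assumed to have been obtained out of band.
VENDOR_MANIFEST = {
    "plc_programmer_setup.exe": sha256_hex(GENUINE),
}

# Constructed downloads: (source host, filename, bytes received).
DOWNLOADS = [
    ("vendor.example", "plc_programmer_setup.exe", GENUINE),
    ("mirror-a.example", "plc_programmer_setup.exe", GENUINE),
    ("mirror-b.example", "plc_programmer_setup.exe", TROJANED),
    ("mirror-a.example", "comm_manager_setup.exe", b"MZ constructed comm manager"),
]


def verify_against_manifest(downloads, manifest):
    """Return one (host, filename, status) per download.

    status is 'ok' (hash matches the manifest), 'mismatch' (listed file,
    wrong hash: treat as tampered) or 'unlisted' (vendor publishes no hash,
    so the file cannot be trusted on the basis of where it came from).
    """
    findings = []
    for host, name, blob in downloads:
        expected = manifest.get(name)
        if expected is None:
            status = "unlisted"
        elif hmac.compare_digest(sha256_hex(blob), expected):
            status = "ok"
        else:
            status = "mismatch"
        findings.append((host, name, status))
    return findings


def find_divergent_mirrors(downloads):
    """Group downloads by filename and return, for every filename whose
    copies do not all hash the same, a mapping {hash: [hosts]}.

    This needs no manifest: disagreement between mirrors is itself the signal.
    """
    by_name = defaultdict(lambda: defaultdict(list))
    for host, name, blob in downloads:
        by_name[name][sha256_hex(blob)].append(host)
    return {
        name: {digest: sorted(hosts) for digest, hosts in hashes.items()}
        for name, hashes in by_name.items()
        if len(hashes) > 1
    }


if __name__ == "__main__":
    for host, name, status in verify_against_manifest(DOWNLOADS, VENDOR_MANIFEST):
        print(f"{status:9s} {name} from {host}")
    for name, variants in find_divergent_mirrors(DOWNLOADS).items():
        print(f"mirrors disagree on {name}:")
        for digest, hosts in variants.items():
            print(f"  {digest[:16]}...  served by {', '.join(hosts)}")
```

A 'mismatch' or a divergent mirror is a quarantine event, not a retry. Note the limit of the check: if the vendor's own build pipeline or primary site is compromised, every mirror and the manifest agree on the bad file, so hash verification must be paired with sandbox detonation and, where the vendor signs releases, signature validation against a pinned publisher certificate.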
Recent reporting based on Symantec's findings (outside-in view):
https://www.reuters.com/article/us-usa-cyber-energy/u-s-warns-public-about-attacks-on-energy-industrial-firms-idUSKBN1CQ0IN (released October 20/21, 2017)