The FBI confirmed that the hacker group “DarkSide” is responsible for the second major cyber-attack against the United States. This time it was the major oil pipeline network Colonial Pipeline, which has been out of service since last Friday.
The hacker group not only blocked access to the company’s computers but also demanded money to free them.
Security experts are calling the incident the worst cyber-attack to date on critical US infrastructure.
What is the Colonial pipeline network?
Colonial Pipeline, headquartered in Georgia, transports up to 2.5 million barrels of gasoline, diesel, and jet fuel a day from refineries along the Gulf of Mexico to the southern and eastern United States. As a result of the computer attack, the company had to halt operations on the 8,850 kilometers of pipelines it manages.
It is vital to the East Coast, carrying 45% of the fuel transported in that region.
The U.S. Department of Transportation declared a regional state of emergency because the attack led to sales restrictions at service stations in more than 17 states.
What is DarkSide?
According to the RFI portal, DarkSide is a hacker gang that develops its own software to encrypt and then steal data.
It is a group dedicated to extorting money from those affected by its attacks.
The criminal group claims that it does not attack hospitals, nursing homes, or educational or governmental targets, and that it donates a portion of its proceeds to charities.
It is unknown at this time whether Colonial has paid or is negotiating the ransom for the data.
Commerce Secretary Gina Raimondo said Sunday that ransomware attacks are “one of the biggest concerns for businesses today” and that she will work “very vigorously” with the Department of Homeland Security to address the problem.
Digital Shadows, a London-based cybersecurity firm, told the BBC that the attack was possible because the hackers found a way into the system, helped by the large number of engineers remotely accessing the pipeline’s control systems.
Initial research by Digital Shadows suggests that the hackers are likely based in a Russian-speaking country.
Second major cyberattack
Although the United States has not yet suffered any major cyberattacks on its critical infrastructure, according to the AP news agency, officials say Russian hackers have been known to infiltrate some crucial sectors, positioning themselves to cause damage if armed conflict were to break out.
In April, Biden declared a national emergency over the Russian “threat” after formally charging Russia’s Foreign Espionage Service (SVR) with perpetrating the massive cyberattack that allegedly began in 2019 and penetrated U.S. government systems and major companies through a program run by the company SolarWinds.
The Russian-backed hackers infiltrated the internal email systems of the U.S. Treasury Department and the Commerce Department’s National Telecommunications and Information Administration, spying on communications for months.
According to the disclosed information, the hackers infiltrated the government agencies’ systems, as well as the cybersecurity firm FireEye, through a malicious software update inserted into a product from SolarWinds Inc, a U.S. network management company.