FBI Confirms DarkSide Hacker Group Is Behind Pipeline Cyberattack

By RFE/RL May 10, 2021

A criminal gang known as DarkSide is behind a ransomware cyberattack that has paralyzed the largest U.S. fuel pipeline, the FBI confirmed on May 10.

A brief FBI statement posted on Twitter said it was working with Colonial Pipeline and other government agencies on investigating the cyberattack, which has alarmed the U.S. government and caused worry over potential fuel supply disruptions in the eastern United States.

DarkSide has been assessed as a criminal actor, Anne Neuberger, deputy national-security adviser for cyber and emerging technology, said at a White House briefing on May 10. Asked whether Russia was involved, she added that this was "certainly something our intelligence community is looking into."

Neuberger said the White House was not offering advice on whether to pay the ransom. She said the cyberattackers used a known variant of ransomware software and advised other companies to take action to protect themselves.

DarkSide, a gang that typically targets non-Russian speaking countries, said in a statement posted at its website that the goal of the cyberattack was to "make money, and not creating problems for society." DarkSide described itself as "apolitical" in the statement, adding "we do not participate in geopolitics."

The statement said DarkSide intended to donate a portion of its profits to charities and had already sent its first donation.

The statement, quoted by CNBC and other U.S. media outlets, did not say how much ransom the hackers were seeking. Colonial Pipeline has not commented on the hackers' statement.

Colonial Pipeline said on May 8 that it was the victim of a ransomware attack the previous day and in response it had "proactively" taken systems offline to contain the threat, which halted all pipeline operations and affected some IT systems.

The privately held company said on May 10 that it expected to "substantially" restore operational service by the end of the week.

The pipeline transports about 45 percent of the U.S. eastern coast's fuel supplies -- including gasoline, diesel, jet fuel, and home heating oil -- from Gulf refineries in Texas all the way to New York. Experts said the shutdown was unlikely to have a major impact on fuel prices unless it were to last more than a week.

The situation nevertheless raised concerns about supply, and the U.S. government has issued a regional state of emergency, loosening regulations for the transport of fuel products on highways across 17 states and the District of Columbia.

The White House has made restarting the Colonial Pipeline network a top priority and organized a federal task force to assess the impact and decide what additional steps are needed to avoid disruptions in supply.

There is no supply disruption currently, Elizabeth Randall-Sherwood, President Joe Biden's homeland security adviser, said at a White House briefing.

In a ransomware attack, hackers break into computer systems and scramble a victim's data, making it unusable. The criminals then demand money in exchange for software decryption keys.

The attacks, often carried out by criminal syndicates operating out of Russia or former Soviet states, have become increasingly prevalent, targeting governments and critical infrastructure organizations.

The attack presents a new challenge for the Biden administration after two major cybersecurity breaches -- the SolarWinds hack that compromised U.S. government agencies and private sector computer networks, and another penetration of some Microsoft e-mail servers.

The SolarWinds hack was blamed on Russian state-backed hackers while the Microsoft breach was attributed to a Chinese cyberespionage campaign.

With reporting by AFP, AP, CBS, CNBC, and Reuters

Source: -darkside-hacker-group-pipeline- cyberattack-russia/31248174.html

Copyright (c) 2021. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.
