In this CyberWire podcast from October 9, CyberX VP of Industrial Cybersecurity Phil Neray discusses the topic of the US Department of Justice charging seven hackers, working for the Russian military agency GRU, with carrying out a vast intrusion campaign against a wide range of organizations. Listen to his comments in the podcast recording starting at 7:55.
“Almost buried in the indictment is a description of how the GRU hacked Pittsburgh-based Westinghouse, whose power plant designs are used in about half of the world’s nuclear power plants. One of the motivations for this attack would be to steal sensitive design information about industrial control systems so that Russian threat actors could further compromise critical infrastructure in the West. This is pretty sobering, especially when you realize that the GRU is also responsible for unleashing NotPetya on the world, a destructive worm which has been called the most devastating cyberattack in history.”