After major Poland energy grid cyberattack, CISA issues warning to U.S. audience
A recent attempt at a destructive cyberattack on Poland's power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators.
Tuesday's alert follows a Jan. 30 report from Poland's Computer Emergency Response Team that concluded the December attack overlapped significantly with infrastructure used by a Russian government-linked hacking group, and that it targeted 30 wind and photovoltaic farms, among others.
CISA said its warning was meant to "amplify" that Polish report. In particular, CISA said the attack highlighted the threats to operational technology and industrial control systems, most commonly used in the energy and manufacturing sectors.
And CISA's alert continues a recent agency focus on securing edge devices like routers or firewalls, after a binding operational directive last week to federal agencies to strip unsupported products from their systems.
"The malicious cyber activity highlights the need for critical infrastructure entities with vulnerable edge devices to act now to strengthen their cybersecurity posture against cyber threat activities targeting OT and ICS," the alert reads.
"A malicious cyber actor(s) gained initial access in this incident through vulnerable internet-facing edge devices, subsequently deploying wiper malware and causing damage to remote terminal units (RTUs)," it states. "The malicious cyber activity caused loss of view and control between facilities and distribution system operators, destroyed data on human machine interfaces (HMIs), and corrupted system firmware on OT devices. While the affected renewable energy systems continued production, the system operator could not control or monitor them by their intended design."
CISA urged owners and operators to review the Polish report, as well as security guidance from other U.S. agencies.
The attack directed at Poland, which its CERT compared to "deliberate arson" and said had a "purely destructive objective" at a time when the nation was struggling with cold temperatures and snowstorms, has had ripples in other parts of the world, too.
"Operators of UK critical national infrastructure (CNI) must not only take note but, as we have said before, act now," Jonathon Ellison, director for national resilience at the United Kingdom's National Cyber Security Centre, said in a LinkedIn post Monday.
Dragos, a cybersecurity firm that specializes in industrial control systems, said the attack represented a new frontier.
"This is the first major cyber attack targeting distributed energy resources (DERs), the smaller wind, solar, and CHP [combined heat and power] facilities being added to grids worldwide," the company wrote in a report last month. "Unlike the centralized systems impacted in electric grid attacks in 2015 and 2016 in Ukraine, these distributed systems are more numerous, require extensive remote connectivity, and often receive less cybersecurity investment. This attack demonstrates they are now a valid target for sophisticated adversaries."
Poland's analysis concluded that the infrastructure used in the attack overlapped with that used by the group known alternately as Static Tundra, Berserk Bear, Ghost Blizzard and Dragonfly.
The post After major Poland energy grid cyberattack, CISA issues warning to U.S. audience appeared first on CyberScoop.