Phnom Penh Post



US says 'Russia-based' group DarkSide behind pipeline hack

After a cyberattack, Colonial said it was moving toward a partial reopening of its pipeline system – the largest fuel network between the US states of Texas and New York. AFP


US President Joe Biden on May 10 said a Russia-based group was behind the ransomware attack that forced the shutdown of the largest oil pipeline in the eastern part of the country.

The Federal Bureau of Investigation (FBI) identified the group behind the hack of Colonial Pipeline as DarkSide, a shadowy operation that surfaced last year and attempts to lock up corporate computer systems and force companies to pay to unfreeze them.

"So far there is no evidence ... from our intelligence people that Russia is involved, although there is evidence that actors, ransomware is in Russia," Biden told reporters.

"They have some responsibility to deal with this," he said.

Three days after being forced to halt operations, Colonial on May 10 said it was moving toward a partial reopening of its 8,850km of pipeline – the largest fuel network between the states of Texas and New York.

At the White House, Deputy National Security Adviser Elizabeth Sherwood-Randall said Biden was being kept updated on the incident, which threatened to crimp supplies of petrol, diesel fuel and jet fuel across much of the eastern US.

Colonial said in a statement that "segments of our pipeline are being brought back online".

"Colonial has told us that it has not suffered damage and can be brought back online relatively quickly," Sherwood-Randall said, with no fuel disruptions so far.

The ransomware forced the company to shut down its pipeline control systems for safety reasons.

DarkSide began attacking medium and large-sized companies mostly in Western Europe, Canada and the US last year, reportedly asking for anywhere from a few hundred thousand dollars to a few million dollars, to be paid in Bitcoin.

In return, DarkSide supplies the company with a programme that will unlock its computing systems.

They also download and retain large amounts of data from the company, threatening to release it publicly if the company does not pay up.

In a statement on their website on the dark net, they rejected allegations that they had any official backing.

"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives," it said.

"Our goal is to make money, and not creating problems for society."

Dmitri Alperovitch, one of the foremost cybersecurity experts who cofounded the firm CrowdStrike, said his group believes DarkSide enjoys official protection in Russia.

"A ransomware group we believe is operating [and likely harboured] by Russia has shutdown a company that is moving 45% of petroleum supplying the East Coast. Is it a criminal act? Sure," he tweeted.

He said it also "undoubtedly" has "huge" national security implications, especially in Russia-US relations.

Another cybersecurity expert, Brett Callow of Emsisoft, told NBC News that an indication of the group's origins is that its software is designed to not work on computers whose default languages are Russian or several other eastern European languages.

"DarkSide doesn't eat in Russia," Callow told NBC.

Anne Neuberger, deputy national security adviser for cyber, said most ransomware comes from transnational criminal groups.

Asked if Colonial Pipeline or other companies should pay the ransom, she said the Biden administration has not offered advice on that.

"They have to balance the cost-benefit when they have no choice with regard to paying a ransom," she said. "Typically that is a private sector decision."
