21 U.S. LNG producers hacked

On 7 March 2022, Bloomberg published an investigation by Resecurity Inc. into a large-scale hacking operation targeting the U.S. energy sector, including liquefied natural gas (LNG), in mid-February 2022, ten days before Russia invaded Ukraine.

Resecurity found that in early February 202, a group of hackers (one of whom is linked to the 2018 attacks in Europe by Strontium, a group associated with the Russian military intelligence service GRU) was seeking to purchase computer access to employees or former employees of U.S. natural gas companies. The hackers were willing to pay up to $15,000 per access.

Gene Yoo, managing director of Resecurity, explains that his teams were able to find a vulnerability in the hackers’ infrastructure and access numerous files related to a large-scale compromise campaign.

During the blitz—which lasted a fortnight, until 15 February—the attackers gained access to more than 100 computers belonging to current and former employees of 21 major U.S. energy companies.

Targets include Cheniere Energy, the largest U.S. LNG exporter; Chevron, a major oil producer that owns and operates the Gorgon LNG terminal in Australia; EQT Corp, the largest U.S. natural gas driller and producer; and Kinder Morgan, the largest U.S. oil-and-gas pipeline operator, which operates the Elba Island LNG export terminal.

According to Gene Yoo, this ‘pre-positioning’ operation was aimed at the networks of the companies involved—and in this area, a former employee’s computer can be just as valuable as a current one, as many companies are slow to cut off an ex-employee’s access.

The motive for the attack remains unknown, and the investigation does not reveal whether the hackers succeeded in compromising the companies. Given the criticality of the targeted infrastructure and the timing, Gene Yoo believes it is likely that the hackers were state-sponsored. Russia legitimately seems the number one suspect.

On 7 March 2022, Bloomberg published an investigation by Resecurity Inc. into a large-scale hacking operation targeting the U.S. energy sector, including liquefied natural gas (LNG), in mid-February 2022, ten days before Russia invaded Ukraine.

Resecurity found that in early February 202, a group of hackers (one of whom is linked to the 2018 attacks in Europe by Strontium, a group associated with the Russian military intelligence service GRU) was seeking to purchase computer access to employees or former employees of U.S. natural gas companies. The hackers were willing to pay up to $15,000 per access.

Gene Yoo, managing director of Resecurity, explains that his teams were able to find a vulnerability in the hackers’ infrastructure and access numerous files related to a large-scale compromise campaign.

During the blitz—which lasted a fortnight, until 15 February—the attackers gained access to more than 100 computers belonging to current and former employees of 21 major U.S. energy companies.

Targets include Cheniere Energy, the largest U.S. LNG exporter; Chevron, a major oil producer that owns and operates the Gorgon LNG terminal in Australia; EQT Corp, the largest U.S. natural gas driller and producer; and Kinder Morgan, the largest U.S. oil-and-gas pipeline operator, which operates the Elba Island LNG export terminal.

According to Gene Yoo, this ‘pre-positioning’ operation was aimed at the networks of the companies involved—and in this area, a former employee’s computer can be just as valuable as a current one, as many companies are slow to cut off an ex-employee’s access.

The motive for the attack remains unknown, and the investigation does not reveal whether the hackers succeeded in compromising the companies. Given the criticality of the targeted infrastructure and the timing, Gene Yoo believes it is likely that the hackers were state-sponsored. Russia legitimately seems the number one suspect.

On 7 March 2022, Bloomberg published an investigation by Resecurity Inc. into a large-scale hacking operation targeting the U.S. energy sector, including liquefied natural gas (LNG), in mid-February 2022, ten days before Russia invaded Ukraine.

Resecurity found that in early February 202, a group of hackers (one of whom is linked to the 2018 attacks in Europe by Strontium, a group associated with the Russian military intelligence service GRU) was seeking to purchase computer access to employees or former employees of U.S. natural gas companies. The hackers were willing to pay up to $15,000 per access.

Gene Yoo, managing director of Resecurity, explains that his teams were able to find a vulnerability in the hackers’ infrastructure and access numerous files related to a large-scale compromise campaign.

During the blitz—which lasted a fortnight, until 15 February—the attackers gained access to more than 100 computers belonging to current and former employees of 21 major U.S. energy companies.

Targets include Cheniere Energy, the largest U.S. LNG exporter; Chevron, a major oil producer that owns and operates the Gorgon LNG terminal in Australia; EQT Corp, the largest U.S. natural gas driller and producer; and Kinder Morgan, the largest U.S. oil-and-gas pipeline operator, which operates the Elba Island LNG export terminal.

According to Gene Yoo, this ‘pre-positioning’ operation was aimed at the networks of the companies involved—and in this area, a former employee’s computer can be just as valuable as a current one, as many companies are slow to cut off an ex-employee’s access.

The motive for the attack remains unknown, and the investigation does not reveal whether the hackers succeeded in compromising the companies. Given the criticality of the targeted infrastructure and the timing, Gene Yoo believes it is likely that the hackers were state-sponsored. Russia legitimately seems the number one suspect.