www.nbcnews.com
2a02:26f0:480:685::2506  Public Scan

URL: https://www.nbcnews.com/tech/security/leaked-us-assessment-includes-warning-russian-hackers-accessing-sensit-rcna79011
Submission: On April 21 via api from US — Scanned from DE

Form analysis 2 forms found in the DOM

GET https://www.nbcnews.com/search

<form action="https://www.nbcnews.com/search" method="GET" class="search-form js-search-form"><label class="search-label" for="q" id="search_label">Search</label>
  <div class="search-inner"><input type="search" class="search-input js-search-input" aria-labelledby="search_label" id="q" name="q" placeholder="Search NBC News" tabindex="-1"><button class="search-button" data-activity-map="header-button-6"
      tabindex="-1"><span class="search-button-icon"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" aria-labelledby="search_title">
          <title class="search_title">Search</title>
          <path fill-rule="evenodd" d="M13.773 11.649L20 17.876 17.876 20l-6.227-6.227a7.508 7.508 0 112.124-2.124zm-6.265.364a4.505 4.505 0 100-9.01 4.505 4.505 0 000 9.01z"></path>
        </svg></span></button></div>
</form>

GET https://www.nbcnews.com/search

<form action="https://www.nbcnews.com/search" method="GET" class="search-form js-search-form"><label class="search-label" for="q" id="search_label">Search</label>
  <div class="search-inner"><input type="search" class="search-input js-search-input" aria-labelledby="search_label" id="q" name="q" placeholder="Search NBC News"><button class="search-button" data-activity-map="header-button-11"><span
        class="search-button-icon"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" aria-labelledby="search_title">
          <title class="search_title">Search</title>
          <path fill-rule="evenodd" d="M13.773 11.649L20 17.876 17.876 20l-6.227-6.227a7.508 7.508 0 112.124-2.124zm-6.265.364a4.505 4.505 0 100-9.01 4.505 4.505 0 000 9.01z"></path>
        </svg></span></button></div>
</form>

Text Content


Leaked U.S. assessment includes warning about Russian hackers accessing
sensitive infrastructure


A Russian-speaking hacker group called Zarya broke into the computer network of
an unnamed Canadian gas distribution facility in February, according to the
leaked documents.

The home of the FSB, Russia's intelligence agency, in Moscow. Alexander
Zemlianichenko / AP file
April 11, 2023, 8:24 PM UTC
By Kevin Collier

A leaked U.S. intelligence assessment includes a stark reminder of the threat
that hackers can pose to critical infrastructure. 

The assessment, which mostly focuses on Ukraine’s military effort against
Russian forces and is believed by a senior U.S. official to be authentic,
includes a warning that Russian hacktivists broke into a Canadian gas
infrastructure company this year and have received directions from Russian
intelligence. 




That access could provide a way to cause significant damage and possibly an
explosion, the assessment notes. Such an attack is considered extremely
difficult to pull off but remains among the intelligence community’s worst
fears. And though no such major attacks have been found just yet, experts say
they are an ever-present threat.

“It’s not the first time somebody’s gained access to critical infrastructure,”
said John Hultquist, the vice president for threat intelligence at the
cybersecurity company Mandiant, which is owned by Google. “It happens
constantly. The Russian intelligence services do it all the time.”

The hacktivists, a Russian-speaking group called Zarya, broke into the computer
network of an unnamed Canadian gas distribution facility in February and sent
Russia’s FSB intelligence agency screenshots of what it claimed were controls
“to increase valve pressure, disable alarms, and initiate an emergency operation
[that] would cause an explosion,” the U.S. assessment says.

NBC News has not verified that claim, and it is unclear what company was
involved. The official also said some of the documents may have been altered
before they were posted online, though this part of the assessment shows no
obvious signs of changes.



“If Zarya succeeded, it would mark the first time the IC has observed a
pro-Russia hacking group execute a disruptive attack against Western industrial
control systems,” the assessment says, using an abbreviation for the
intelligence community.

No such disaster appears to have happened. But the assessment illustrates both
how the U.S. worries about destructive hacks against Western energy
infrastructure and how Russian intelligence can rely on domestic criminal
hackers to work for it.

The assessment, marked Top Secret, comes from a cache of more than 50 pages of
classified documents that surfaced online in recent days after languishing in
obscure corners of the internet. U.S. officials have declined to comment on the
authenticity of specific documents, but one official told NBC News that they do
appear real. It’s unclear who originally leaked the documents or why.

The Zarya assessment was first reported by the journalist Kim Zetter. A
spokesperson for Russia’s embassy in Washington didn’t immediately respond to a
request for comment.



The U.S. generally views hacking to conduct espionage as a common tactic used by
all sides, while cyberattacks that cause physical destruction are seen as a
dramatic escalation.




“I think the big issue here is whether or not they decide to leverage that
access for some sort of disruptive or destructive attack,” Hultquist said.



The Canadian Centre for Cyber Security declined to address the specific claim in
the U.S. assessment. But an agency spokesperson said it does worry about hackers
gaining access to critical infrastructure.

“We remain deeply concerned about this threat and urge critical infrastructure
owners and operators to get in touch with us to work together to protect their
systems,” the spokesperson said.



Lesley Carhart, who leads incident response in North America for Dragos, a
company that specializes in cybersecurity for industrial systems, said that they
found it believable that a hacktivist group like Zarya could have gotten access
to a gas distributor, but that it would have taken far more effort to actually
cause an explosion.



“A process like that has redundancy. Human controls. Digital and physical safety
controls. It’s designed to not explode even if someone makes a mistake,” Carhart
wrote in a text message.

Zarya is one of several pro-Russia hacker groups that frequently pester targets
related to NATO and Ukraine-allied countries. While they frequently knock
websites offline for a short period, they rarely display the capability to cause
serious damage. 

There are about 20 such groups, most of which have appeared in the past two
years, starting about when Russia began invading Ukraine, said Sergey Shykevich,
who tracks threat intelligence for the Israeli cybersecurity company Check Point
Software.



Zarya chronicles its exploits on its Telegram channel, where it mostly brags
about knocking sites offline. Its posts don’t mention an attack on Canadian
energy infrastructure, and the group has explicitly claimed to be unaffiliated
with the Russian government.

Chris Painter, the State Department’s cyber ambassador in the Obama
administration, said that Russian intelligence does frequently lean on its rich
pool of domestic cybercriminals to achieve its goals.

“It’s one of the tools in their toolkit to use these proxies, because in a
sense, it evades direct responsibility,” Painter said. “They can always say,
'Well, it wasn’t us. It was a criminal group.'”

Kevin Collier

Kevin Collier is a reporter covering cybersecurity, privacy and technology
policy for NBC News.


