VKG hit by cyberespionage

30th March 2017, 15:27

Please note that the article is more than five years old and belongs to our archive. We do not update the content of the archives, so it may be necessary to consult newer sources.

Servers of one of Estonia's biggest oil shale companies Viru Keemia Grupp (VKG) hosted malware associated with Russian foreign military intelligence GRU.

Suspicious traffic was monitored in the company's network last year that led to the discovery of Mimikatz software used to collect identity keys, like passwords and password hashes, in Windows systems. The inspection also came across backdoor software used to connect to a control server, a report by the State Information System Authority reveals.

„The existence of this malware allows an attacker to access information stored in the system and meddle in management of services, for example production facilities,“ said Deputy Director of RIA Toomas Vaks. He said that VKG is a company of considerable regional importance that offers a vital service. „RIA is tasked with the cybersecurity of vital services in Estonia, and we take these kinds of incidents very seriously,“ he said. „Cyberattacks against vital services, like the assault on Ukraine's power grid during Christmas of 2015, could endanger the property, health, and lives of hundreds of thousands of people,“ Vaks added.

„Luckily we have no information to suggest the incident at VKG directly jeopardized the functionality of a vital service; however, such a scenario cannot be ruled out in a situation where potential attackers have access to control systems.“ RIA said that both VKG's web traffic and pieces of malware found in computers suggest an orchestrated attack. The malware and control server used have been associated with cyberespionage group APT28, which cyberespionage circles believe could be linked to GRU.

„It is possible this particular software is also used by cybercriminals. However, RIA has no information regarding the persons and motives behind the attack, whereas providing such assessments isn't our task,“ Vaks said.

CEO of VKG Ahti Asmann said when commenting on the incident that the attack was in no way active and did not affect the company's work. „It is just a question of risks and their potential materialization. However, that is a comment you will have to get from the information system watchdog,“ Asmann said. He could not say why the company's servers could have been infected with the malware. „There is always something going on in our field, and new dangers crop up. We have identified these things by today and will move on with our work,“ he said.

VKG hit by cyberespionage

Vambola PaavoEstonia needs a restart in the economy

Baltic speakers to speaker of House of Representatives: US aid to Ukraine is indispensable

EDITORIALElephant in the Riigikogu

Pro-Russian singer banned from entering Estonia ahead of scheduled performance in Tallinn

VOX POPULI OF PARTIESWhat can the new government of Tallinn realistically accomplish before next year's local elections?

Estonian MP to cycle from Tallinn to Kyiv for charity

VOX POPULI OF PARTIESWhat can the new government of Tallinn realistically accomplish before next year's local elections?

POSTIMEES IN UKRAINEEstonia knows where to purchase two billion euros' worth of shells for Ukraine

ERKKI KOORTEstonia needs a concept for hybrid attack

ISS says actions of Russian intelligence services have become more intense

Tallinn City Council elects Ossinovski as mayor

RAIT MARUSTEThere's no requirement in Constitution to amend it to restrict the voting rights of non-citizens

Terms