Security authorities warn of Russian espionage with IP cameras
International security authorities have issued an urgent warning to operators of critical infrastructure about Russian actors.
There are also data protection regulations for surveillance cameras. They are not always complied with.
(Image: sxc.hu)
Suspected employees of the Russian military intelligence service GRU have gained access to networks and IP cameras of critical infrastructure operators (KRITIS). The NSA, FBI, the German Federal Intelligence Service (BND) and the Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) are among those reporting this. In an interview with heise online, BSI President Claudia Plattner warns that these are preparatory acts for sabotage.
According to a statement from the authorities, companies in the logistics sector are particularly affected. Attackers from the APT-28 group (aka "Fancy Bear", known for an attack on the SPD, among other things), which according to Western services is a unit of the Russian military intelligence service GRU, have struck here. The attackers had scouted out potential weaknesses in physical security, and there had been attempts to attack more than 10,000 cameras.
The authorities did not say whether this refers to the same logistics companies that were affected by the arson packages discovered last year, for example. Cameras in Ukraine, Romania, Poland and Hungary in particular had been attacked. The Ukrainian intelligence service had already warned of such attacks last year after becoming aware of two cases. BSI President Claudia Plattner urges German companies to take the warning seriously and to check whether they are affected. "We have a very high number of unreported cases," she says in an interview with heise security. "Attackers who position themselves in our critical infrastructures do so so that they can strike quickly and take control in a later case."
Plattner: Preparations for sabotage
(Image:Â BSI)
The attacks are linked to clear objectives, says Plattner: "We are definitely talking about preparations for sabotage as a remote target, and we have to take this incredibly seriously." However, Plattner does not believe that IP cameras are the only devices affected alongside other network infrastructures and user accounts: "It's quite a wide range, and cameras are a comparatively easy but terribly effective target. But you have to assume that other components are also affected."
The Federal Office for Information Security has published a joint advisory from the security authorities on its website. It provides guidance on how to detect and contain attacks as well as indicators of compromise (IoC) for successful attacks on your own network.
(wpl)
