New Russian Threat Group Hacks Into U.S. Oil and Gas Facilities

Cyble dark web researchers have identified a new pro-Russian hacktivist group that’s been hacking into oil and gas facility control panels in the U.S.

Cyble detailed two claims by the new “Sector 16” group that members hacked into control panels in energy facilities and tampered with system control settings. The new Russian threat group has been working with another pro-Russian group – Z-Pentest – which has been hacking into critical water and energy infrastructure since last year.

Dramatic Videos Detail Control Panel Hacks

Like Z-Pentest, Sector 16 has been posting screen recordings of its exploits to underground forums and channels, continuing a trend of Russian hacktivists posting videos of their members tampering with critical infrastructure control panels.

Cyble speculated that the videos may be “more to establish credibility or threaten than to inflict actual damage, although in one case Z-Pentest claimed to disrupt a U.S. oil well system.”

In one incident, Sector 16 teamed with Z-Pentest to hack into a supervisory control and data acquisition (SCADA) system managing oil pumps and storage tanks in Texas. The groups posted a video showing the system interface, including real-time data on tank levels, pump pressures, casing pressures, and alarm management features.

The logos of both groups were embedded into the video, suggesting a close alliance between the two groups, Cyble said (image below).

Sector 16 and Z-Pentest control panel hack (Cyble)

Sector 16 later claimed sole responsibility for hacking into the control systems of a U.S. oil and gas production facility, and released a video “purportedly demonstrating their access to the facility’s operational data and systems,” Cyble said.

The video showed “control interfaces associated with the monitoring and management of critical infrastructure,” the Cyble report said.

The system controls included shutdown management, production monitoring, tank level readings, gas lift operations, and Lease Automatic Custody Transfer (LACT) data, “all critical components in the facility’s operations. Additionally, they were also able to access valve control interfaces, pressure monitoring, and flow measurement data, highlighting the potential extent of access.”

U.S. cybersecurity officials have been concerned about critical infrastructure threats from adversaries like Russia and China, but critical sectors like energy, healthcare and transportation remain vulnerable to attack.

Pro-Islamic Groups Launch DDoS Attacks on U.S. Government

Cyble also examined claims of DDoS attacks on the U.S. government by pro-Islamic hacktivists like Mr. Hamza, which united with Z-Pentest and other pro-Russian groups in European attacks in December.

Mr. Hamza teamed with Velvet Team in DDoS attacks on U.S. government and military platforms, Cyble said, noting that targeted systems included a U.S. Army development and communications network, an FBI portal for bank robbery information, and the United States Africa Command’s official platform.

Such motivated threat groups – willing to work across ideological lines to advance their goals – pose substantial risks to critical infrastructure in dire need of stronger cybersecurity protections.

The Cyble dark web report also detailed recent ransomware and data breach claims made by threat actors.

Paul Shread

Paul Shread, International Editor for The Cyber Express and Cyble, has covered nearly every aspect of enterprise technology in his 25 years in IT journalism, including award-winning articles on endpoint security and virtual data centers, and a report exposing critical security flaws in a major SIEM system. Publications he has edited and written for include eSecurity Planet, Datamation, eWeek, IT Business Edge, Webopedia, and many more. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds market analyst, cybersecurity, and analytics certifications. You can follow him on LinkedIn at: https://www.linkedin.com/in/paul-shread/
