Dewa in China to woo renewable energy firms

U.S. Electricity Demand Decoupling signals GDP growth without higher load, driven by energy efficiency, LED adoption, services-led output, and rising renewables integration with the grid, plus EV charging and battery storage supporting decarbonization.

Key Points

GDP grows as electricity use stays flat, driven by efficiency, renewables, and a shift toward services and output.

✅ LEDs and codes cut residential and commercial load intensity.

✅ Wind, solar, and gas gain share as coal and nuclear struggle.

✅ EVs and storage can grow load and enable grid decarbonization.

By Justin Fox

Economic growth picked up a little in the U.S. in 2017. But electricity use fell, with electricity sales projections continuing to decline, according to data released recently by the Energy Information Administration. It's now been basically flat for more than a decade:

Measured on a per-capita basis, electricity use is in clear decline, and is already back to the levels of the mid-1990s.

Sources: U.S. Energy Information Administration, U.S. Bureau of Economic Analysis

*Includes small-scale solar generation from 2014 onward

I constructed these charts to go all the way back to 1949 in part because I can (that's how far back the EIA data series goes) but also because it makes clear what a momentous change this is. Electricity use rose and rose and rose and then ... it didn't anymore.

Slower economic growth since 2007 has been part of the reason, but the 2017 numbers make clear that higher gross domestic product no longer necessarily requires more electricity, although the Iron Law of Climate is often cited to suggest rising energy use with economic growth. I wrote a column last year about this big shift, and there's not a whole lot new to say about what's causing it: mainly increased energy efficiency (driven to a remarkable extent by the rise of LED light bulbs), and the continuing migration of economic activity away from making tangible things and toward providing services and virtual products such as games and binge-watchable TV series (that are themselves consumed on ever-more-energy-efficient electronic devices).

What's worth going over, though, is what this means for those in the business of generating electricity. The Donald Trump administration has made saving coal-fired electric plants a big priority; the struggles of nuclear power plants have sparked concern from multiple quarters. Meanwhile, U.S. natural gas production has grown by more than 40 percent since 2007, thanks to hydraulic fracturing and other new drilling techniques, while wind and solar generation keep making big gains in cost and market share. And this is all happening within the context of a no-growth electricity market.

In China, a mystery in China's electricity data has complicated global comparisons.

Here are the five main sources of electric power in the U.S.:

The big story over the past decade has been coal and natural gas trading places as the top fuel for electricity generation. Over the past year and a half coal regained some of that lost ground as natural gas prices rose from the lows of early 2016. But with overall electricity use flat and production from wind and solar on the rise, that hasn't translated into big increases in coal generation overall.

Oh, and about solar. It's only a major factor in a few states (California especially), so it doesn't make the top five. But it's definitely on the rise.

What happens next? For power generators, the best bet for breaking out of the current no-growth pattern is to electrify more of the U.S. economy, especially transportation. A big part of the attraction of electric cars and trucks for policy-makers and others is their potential to be emissions-free. But they're only really emissions-free if the electricity used to charge them is generated in an emissions-free manner -- creating a pretty strong business case for continuing "decarbonization" of the electric industry. It's conceivable that electric car batteries could even assist in that decarbonization by storing the intermittent power generated by wind and solar and delivering it back onto the grid when needed.

I don't know exactly how all this will play out. Nobody does. But the business of generating electricity isn't going back to its pre-2008 normal. 

Related News

• Electricity Forum News

• Power Generation News

Canada Electricity Grid Decarbonization advances net-zero goals by expanding renewable energy (wind, solar, hydro), boosting grid reliability with battery storage, and aligning policy, efficiency, and investment to cut emissions and strengthen energy security.

Key Points

Canada's shift to low-carbon power using renewables and storage to cut emissions and improve grid reliability.

✅ Invest in wind, solar, hydro, and transmission upgrades

✅ Deploy battery storage to balance intermittent generation

✅ Support just transition, jobs, and energy efficiency

As Canada moves towards a more sustainable future, decarbonizing its electricity grid has emerged as a pivotal goal. The transition aims to reduce greenhouse gas emissions, promote renewable energy sources, and ultimately support global climate targets, with cleaning up Canada's electricity widely viewed as critical to meeting those pledges. However, the implications of this transition are multifaceted, impacting the economy, energy reliability, and the lives of Canadians.

Understanding Decarbonization

Decarbonization refers to the process of reducing carbon emissions produced from various sources, primarily fossil fuels. In Canada, the electricity grid is heavily reliant on natural gas, coal, and oil, which contribute significantly to carbon emissions. The Canadian government has committed to achieving net-zero by 2050 through federal and provincial collaboration, with the electricity sector playing a crucial role in this initiative. The strategy includes increasing the use of renewable energy sources such as wind, solar, and hydroelectric power.

Economic Considerations

Transitioning to a decarbonized electricity grid presents both challenges and opportunities for Canada’s economy. On one hand, the initial costs of investing in renewable energy infrastructure can be substantial. This includes not only the construction of renewable energy plants but also the necessary upgrades to the grid to accommodate new technologies. According to the Fraser Institute analysis, these investments could lead to increased electricity prices, impacting consumers and businesses alike.

However, the shift to a decarbonized grid can also stimulate economic growth. The renewable energy sector is a rapidly growing industry that, as Canada’s race to net-zero accelerates, promises job creation in manufacturing, installation, and maintenance of renewable technologies. Moreover, as technological advancements reduce the cost of renewable energy, the long-term savings on fuel costs can benefit both consumers and businesses. The challenge lies in balancing these economic factors to ensure a smooth transition.

Reliability and Energy Security

A significant concern regarding the decarbonization of the electricity grid is maintaining reliability and energy security, especially as an IEA report indicates Canada will need substantially more electricity to achieve net-zero goals, requiring careful system planning.

To address this challenge, the implementation of energy storage solutions and grid enhancements will be essential. Advances in battery technology and energy storage systems can help manage supply and demand effectively, ensuring that energy remains available even during periods of low renewable output. Additionally, integrating a diverse mix of energy sources, including hydroelectric power, can enhance the reliability of the grid.

Social Impacts

The decarbonization process also carries significant social implications. Communities that currently depend on fossil fuel industries may face economic challenges as the transition progresses, and the Canadian Gas Association has warned of potential economy-wide costs for switching to electricity, underscoring the need for a just transition.

Furthermore, there is a need for public engagement and education on the benefits and challenges of decarbonization. Canadians must understand how changes in energy policy will affect their daily lives, from electricity prices to job opportunities. Fostering a sense of community involvement can help build support for renewable energy initiatives and ensure that diverse voices are heard in the planning process.

Policy Recommendations

For Canada to successfully decarbonize its electricity grid, and building on recent electricity progress across provinces nationwide, robust and forward-thinking policies must be implemented. This includes investment in research and development to advance renewable technologies and improve energy storage solutions. Additionally, policies should encourage public-private partnerships to share the financial burden of infrastructure investments.

Governments at all levels should also promote energy efficiency measures to reduce overall demand, making the transition more manageable. Incentives for consumers to adopt renewable energy solutions, such as solar panels, can further accelerate the shift towards a decarbonized grid.

Decarbonizing Canada's electricity grid presents a complex yet necessary challenge. While there are economic, reliability, and social considerations to navigate, the potential benefits of a cleaner, more sustainable energy future are substantial. By implementing thoughtful policies and fostering community engagement, Canada can lead the way in creating an electricity grid that not only meets the needs of its citizens but also contributes to global efforts in combating climate change.

Related News

• Electricity Forum News

• Climate Change News

U.S. Power Grid Cybersecurity combats DHS-FBI flagged threats to energy infrastructure, with PJM Interconnection using ICS/SCADA segmentation, phishing defenses, incident response, and resilience exercises against Russia-linked attacks and pipeline intrusions.

Key Points

Strategies, controls, and training that protect U.S. electric infrastructure from cyber threats and disruptions.

✅ ICS/SCADA network segmentation and zero-trust architecture

✅ Employee phishing drills and incident response playbooks

✅ DOE-led grid exercises and threat intelligence sharing

The joint alert from the FBI and Department of Homeland Security last month warning that Russia was hacking into critical U.S. energy infrastructure, as outlined in six essential reads on Russian hacks from recent coverage, came as no surprise to the nation’s largest grid operator, PJM Interconnection.

“You will never stop people from trying to get into your systems. That isn’t even something we try to do.” said PJM Chief Information Officer, Tom O’Brien. “People will always try to get into your systems. The question is, what controls do you have to not allow them to penetrate? And how do you respond in the event they actually do get into your system?”

PJM is the regional transmission organization for 65 million people, covering 13 states, including Pennsylvania, and Washington D.C.

On a rainy day in early April, about 10 people were working inside PJM’s main control center, outside Philadelphia, closely monitoring floor-to-ceiling digital displays showing real-time information from the electric power sector throughout PJM’s territory in the mid-Atlantic and parts of the midwest, amid reports that hackers accessed control rooms at U.S. utilities.

#google#

Donnie Bielak, a reliability engineering manager, was overseeing things from his office, perched one floor up.

“This is a very large, orchestrated effort that goes unnoticed most of the time,” Bielak said. “That’s a good thing.”

But the industry certainly did take notice in late 2015 and early 2016, when hackers successfully disrupted power to the Ukrainian grid. The outages lasted a few hours and affected about 225,000 customers. It was the first publicly-known case of a cyber attack causing major disruptions to a power grid. It was widely blamed on Russia.

One of the many lessons of the Ukraine attacks was a reminder to people who work on critical infrastructure to keep an eye out for odd communications.

“A very large percentage of entry points to attacks are coming through emails,” O’Brien said. “That’s why PJM, as well as many others, have aggressive phishing campaigns. We’re training our employees.”

O’Brien doesn’t want to get into specifics about how PJM deals with cyber threats. But one common way to limit exposure is by having separate systems: For example, industrial controls in a power plant are not connected to corporate business networks, a separation underscored after breaches at U.S. power plants prompted reviews across the sector.

Since 2011, North American grid operators and government agencies have also done large, security exercises every two years. Thousands of people practice how they’d respond to a coordinated physical or cyber event, including rising substation attacks that highlight resilience gaps.

So far, nothing like that has happened in the U.S. It’s possible, but not likely, according to Robert M. Lee, a former military intelligence analyst, who runs the industrial cybersecurity firm Dragos.

“The more complex the system, the harder it is to have a scalable attack,” said Lee, who co-authored a report analyzing the Ukraine attacks. “If you wanted to take out a power generation station– that isn’t the most complex thing. Let’s say you cause an hour of outage. But now you want to cause two months of outages? That’s an exponential increase in effort required.”

For example, he said, it would very difficult for hackers to knock out power to the entire east coast for a long time. But briefly disrupting a major city is easier. That’s the sort of thing that keeps him up at night.

“I worry about an adversary getting into, maybe, Washington D.C.’s portion of the grid, taking down power for 30 minutes,” he said.

The Department of Energy is creating a new office focused on cybersecurity and emergency response, following the U.S. government’s condemnation of power grid hacking by Russia.

Deterrence may be one reason why there has not yet been a major attack on the U.S. grid, said John MacWilliams, a former senior DOE official who’s now a fellow at Columbia University’s Center on Global Energy Policy.

“That’s obviously an act of war,” he said. “We have the capability of responding either through cyber mechanisms or kinetic military.”

In the meantime, small-scale incidents keep happening.

This spring, another cyber attack targeted natural gas pipelines. Four companies shut down their computer systems, just in case, but they say no service was disrupted.

Related News

• Electricity Forum News

• Grid Technologies News

Maryland Community Solar Program enables renters and condo residents to subscribe to offsite solar, earn utility bill discounts, and support projects across BGE, Pepco, Delmarva, and Potomac Edison territories, with low to moderate income participation.

Key Points

A pilot allowing residents to subscribe to offsite solar and get bill credits and savings, regardless of home ownership.

✅ 5-10 percent discounts on standard utility rates

✅ Available in BGE, Pepco, Delmarva, Potomac Edison areas

✅ Includes low and moderate income subscriber carve-outs

Maryland has launched a pilot program that will allow anyone to power their home with solar panels — even if they are renters or condo-dwellers, or live in the shade of trees.

Solar developers are looking for hundreds of residents to subscribe to six power projects planned across the state, including recently announced sites in Owings Mills and Westminster. Their offers include discounts on standard electric rates.

The developers need a critical mass of customers who are willing to buy the projects’ electricity before they can move forward with plans to install solar panels on about 80 acres. Under state rules, the customer base must include low- and moderate-income residents, many of whom face energy insecurity challenges.

The idea of the community solar program is to tap into the pool of residential customers who don’t want to get their energy from fossil fuels but currently have no way to switch to a cleaner alternative.

That could significantly expand demand for solar projects, said Gary Skulnik, a longtime Maryland solar entrepreneur.

Skulnik is now CEO of Neighborhood Sun, a company recruiting customers for the six projects.

“You’re signing up for a project that won’t exist unless we get enough subscribers,” Skulnik said. “You’re actually getting a new project built.”

It could also stoke simmering conflicts over what sort of land is appropriate for solar development.

The General Assembly authorized the community solar pilot program in 2015. But not-in-my-backyard opposition and concerns about the loss of agricultural land have slowed progress.

Community solar could force more communities to confront those sorts of clashes — and to consider more carefully where solar farms belong.

“We are going to see a lot more solar development in the state,” said Megan Billingsley, assistant director of the Valleys Planning Council in Baltimore County. “One of the things we haven’t seen is any direction or thoughtful planning on where we want to see solar development.”

The General Assembly authorized about 200 megawatts in community solar projects — enough to power about 40,000 households — over three years.

Customers can sign up for projects built within the territory of their electric utility. About half of that solar energy load has been allotted for the region served by Baltimore Gas and Electric Co.

By subscribing to a community solar project, customers won’t actually be getting their electricity from its photovoltaic panels. But their payments will help finance it and, in some cases, complementary battery storage solutions as well.

The Public Service Commission has approved six projects so far: Two in BGE territory, in Owings Mills and near Westminster; one in Pepco territory, in Prince George’s County; two in Delmarva Power and Light territory, in Caroline and Worcester counties; and one in Potomac Edison territory, in Washington County where planning officials have developed proposed recommendations.

More projects are expected to win approval in the next two years.

But none of them can be built unless they catch on with electricity customers. The developers are looking for 2,600 customers statewide.

Skulnik would not say how many customers an individual project needs to get the green light. But he said that the Prince George’s proposal, a 25-acre array atop a Fort Washington landfill is the closest, with about 100 subscribers so far.

The terms of subscription vary by project, but discounts range from 5 percent to 10 percent off utility rates. Customers are asked to commit to the projects for as long as 25 years. (They can break the contracts with advance notice, or if they move to a different utility service area.)

Maryland joins more than a dozen states in advancing community solar projects, as scientists work to improve solar and wind power technology.

Corey Ramsden is an executive for Solar United Neighbors, a nonprofit that promotes the solar industry in eight states and the District of Columbia.

He said potential customers are often confused by the mechanics of subscribing to community solar, or hesitant to commit for years or even decades. The industry is working to answer questions and get people more comfortable with the idea, he said.

But it has been a challenge across the country, including debates over New England grid upgrades, and in Maryland. Advocates for solar say there is broad support for renewable energy generation. The state has set goals to increase green energy use and reduce greenhouse gas emissions.

Still, many Marylanders don’t welcome the reality when a project attempts to move in.

Rural land is often the most desirable for solar developers, because it requires the least effort to prepare for an array of panels. But community groups in those areas have asked whether land historically used for farming is right for a more industrial use.

“People are very much in favor of going for a lot more renewables, for whatever reason,” said Dru Schmidt-Perkins, the former president of the land conservation group 1,000 Friends of Maryland. “That support comes to a screeching halt when land that is perceived to be valuable for other things, whether a historic view­shed or farming, suddenly becomes a target of a location for this new project.”

Such concerns have at least temporarily stalled the momentum for solar across the state. Anne Arundel County had at least five small community solar projects in the pipeline in December when officials decided to pause development for eight months. Baltimore County officials imposed a four-month moratorium on solar development before passing an ordinance last year to limit the size and number of solar farms.

Billingsley said the Valley Plannings Council, which advocates for historic and rural areas in western Baltimore County, is frustrated that there hasn’t been more discussion about which areas the county should target for solar development — and which it shouldn’t.

She said she fears that pressure to expand solar farms across rural lands is only going to grow as community solar projects launch, and as lawmakers in Annapolis talk about more policies to promote investment in renewable energy.

Schmidt-Perkins called community solar “an amazing program” for those who would install solar panels on their roofs if they could. But she said its launch heightens the importance of discussions about a broader solar strategy.

“Most communities are caught a little flat-footed on this and are somewhat at the mercy of an industry that’s chomping at the bit,” she said. “It’s time for Maryland to say, ‘Okay, let’s come up with our plan so that we know how much solar can we really generate in this state on lands that are not conflict-based.’”

Related News

• Electricity Forum News

• Renewable Energy News

ICT Electricity Demand is surging as data centers, 5G, IoT, and server farms expand, straining grids, boosting carbon emissions, and challenging climate targets unless efficiency, renewable energy, and smarter cooling dramatically improve.

Key Points

ICT electricity demand is power used by networks, devices, and data centers across the global communications sector.

✅ Projected to reach up to 20 percent of global electricity by 2025

✅ Driven by data centers, 5G traffic, IoT, and high-res streaming

✅ Mitigation: efficiency, renewable PPAs, advanced cooling, workload shifts

The communications industry could use 20% of all the world’s electricity by 2025, hampering attempts to meet climate change targets, even as countries like New Zealand's electrification plans seek broader decarbonization, and straining grids as demand by power-hungry server farms storing digital data from billions of smartphones, tablets and internet-connected devices grows exponentially.

The industry has long argued that it can considerably reduce carbon emissions by increasing efficiency and reducing waste, but academics are challenging industry assumptions. A new paper, due to be published by US researchers later this month, will forecast that information and communications technology could create up to 3.5% of global emissions by 2020 – surpassing aviation and shipping – and up to 14% 2040, around the same proportion as the US today.

Global computing power demand from internet-connected devices, high resolution video streaming, emails, surveillance cameras and a new generation of smart TVs is increasing 20% a year, consuming roughly 3-5% of the world’s electricity in 2015, says Swedish researcher Anders Andrae.

In an update o a 2016 peer-reviewed study, Andrae found that without dramatic increases in efficiency, the ICT industry could use 20% of all electricity and emit up to 5.5% of the world’s carbon emissions by 2025. This would be more than any country, except China, India and the USA, where China's data center electricity use is drawing scrutiny.

He expects industry power demand to increase from 200-300 terawatt hours (TWh) of electricity a year now, to 1,200 or even 3,000TWh by 2025. Data centres on their own could produce 1.9 gigatonnes (Gt) (or 3.2% of the global total) of carbon emissions, he says.

“The situation is alarming,” said Andrae, who works for the Chinese communications technology firm Huawei. “We have a tsunami of data approaching. Everything which can be is being digitalised. It is a perfect storm. 5G [the fifth generation of mobile technology] is coming, IP [internet protocol] traffic is much higher than estimated, and all cars and machines, robots and artificial intelligence are being digitalised, producing huge amounts of data which is stored in data centres.”

US researchers expect power consumption to triple in the next five years as one billion more people come online in developing countries, and the “internet of things” (IoT), driverless cars, robots, video surveillance and artificial intelligence grows exponentially in rich countries.

The industry has encouraged the idea that the digital transformation of economies and large-scale energy efficiencies will slash global emissions by 20% or more, but the scale and speed of the revolution has been a surprise.

Global internet traffic will increase nearly threefold in the next five years says the latest Cisco Visual Networking Index, a leading industry tracker of internet use.

“More than one billion new internet users are expected, growing from three billion in 2015 to 4.1bn by 2020. Over the next five years global IP networks will support up to 10bn new devices and connections, increasing from 16.3bn in 2015 to 26bn by 2020,” says Cisco.

A 2016 Berkeley laboratory report for the US government estimated the country’s data centres, which held about 350m terabytes of data in 2015, could together need over 100TWh of electricity a year by 2020. This is the equivalent of about 10 large nuclear power stations.

Data centre capacity is also rocketing in Europe, where the EU's plan to double electricity use by 2050 could compound demand, and Asia with London, Frankfurt, Paris and Amsterdam expected to add nearly 200MW of consumption in 2017, or the power equivalent of a medium size power station.

“We are seeing massive growth of data centres in all regions. Trends that started in the US are now standard in Europe. Asia is taking off massively,” says Mitual Patel, head of EMEA data centre research at global investment firm CBRE.

“The volume of data being handled by such centres is growing at unprecedented rates. They are seen as a key element in the next stage of growth for the ICT industry”, says Peter Corcoran, a researcher at the university of Ireland, Galway.

Using renewable energy sounds good but no one else benefits from what will be generated, and it skews national attempts to reduce emissions

Ireland, which with Denmark is becoming a data base for the world’s biggest tech companies, has 350MW connected to data centres but this is expected to triple to over 1,000MW, or the equivalent of a nuclear power station size plant, in the next five years.

Permission has been given for a further 550MW to be connected and 750MW more is in the pipeline, says Eirgrid, the country’s main grid operator.

“If all enquiries connect, the data centre load could account for 20% of Ireland’s peak demand,” says Eirgrid in its All-Island Generation Capacity Statement 2017-2026  report.

The data will be stored in vast new one million square feet or larger “hyper-scale” server farms, which companies are now building. The scale of these farms is huge; a single $1bn Apple data centre planned for Athenry in Co Galway, expects to eventually use 300MW of electricity, or over 8% of the national capacity and more than the daily entire usage of Dublin. It will require 144 large diesel generators as back up for when the wind does not blow.

 Facebook’s Lulea data centre in Sweden, located on the edge of the Arctic circle, uses outside air for cooling rather than air conditioning and runs on hydroelectic power generated on the nearby Lule River. Photograph: David Levene for the Guardian

Pressed by Greenpeace and other environment groups, large tech companies with a public face , including Google, Facebook, Apple, Intel and Amazon, have promised to use renewable energy to power data centres. In most cases they are buying it off grid but some are planning to build solar and wind farms close to their centres.

Greenpeace IT analyst Gary Cook says only about 20% of the electricity used in the world’s data centres is so far renewable, with 80% of the power still coming from fossil fuels.

“The good news is that some companies have certainly embraced their responsibility, and are moving quite aggressively to meet their rapid growth with renewable energy. Others are just growing aggressively,” he says.

Architect David Hughes, who has challenged Apple’s new centre in Ireland, says the government should not be taken in by the promises.

“Using renewable energy sounds good but no one else benefits from what will be generated, and it skews national attempts to reduce emissions. Data centres … have eaten into any progress we made to achieving Ireland’s 40% carbon emissions reduction target. They are just adding to demand and reducing our percentage. They are getting a free ride at the Irish citizens’ expense,” says Hughes.

Eirgrid estimates indicate that by 2025, one in every 3kWh generated in Ireland could be going to a data centre, he added. “We have sleepwalked our way into a 10% increase in electricity consumption.”

Fossil fuel plants may have to be kept open longer to power other parts of the country, and manage issues like SF6 use in electrical equipment, and the costs will fall on the consumer, he says. “We will have to upgrade our grid and build more power generation both wind and backup generation for when the wind isn’t there and this all goes onto people’s bills.”

Under a best case scenario, says Andrae, there will be massive continuous improvements of power saving, as the global energy transition gathers pace, renewable energy will become the norm and the explosive growth in demand for data will slow.

But equally, he says, demand could continue to rise dramatically if the industry keeps growing at 20% a year, driverless cars each with dozens of embedded sensors, and cypto-currencies like Bitcoin which need vast amounts of computer power become mainstream.

“There is a real risk that it all gets out of control. Policy makers need to keep a close eye on this,” says Andrae.

Related News

• Electricity Forum News

• Climate Change News

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

A hacker collective known for attacking industrial companies around the world have had some of their infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid targeting critical infrastructure, for the main purpose of stealing valuable data from victim systems.

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.

#google#

Kaspersky Lab said that the servers it has compromised are not just limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014 CrowdStrike claimed that the ‘Energetic Bear’ group was also tracked in Symantec's Dragonfly research and had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants that underscored the campaign, and there was evidence that these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia in a condemnation of Russian grid hacking of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Related News

• Electricity Forum News

• Grid Technologies News