REV Campus Challenge Receives $2 MILLION in Funding

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

A hacker collective known for attacking industrial companies around the world have had some of their infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid targeting critical infrastructure, for the main purpose of stealing valuable data from victim systems.

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.

#google#

Kaspersky Lab said that the servers it has compromised are not just limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014 CrowdStrike claimed that the ‘Energetic Bear’ group was also tracked in Symantec's Dragonfly research and had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants that underscored the campaign, and there was evidence that these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia in a condemnation of Russian grid hacking of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Related News

• Electricity Forum News

• Grid Technologies News

Canada Electricity Grid Decarbonization advances net-zero goals by expanding renewable energy (wind, solar, hydro), boosting grid reliability with battery storage, and aligning policy, efficiency, and investment to cut emissions and strengthen energy security.

Key Points

Canada's shift to low-carbon power using renewables and storage to cut emissions and improve grid reliability.

✅ Invest in wind, solar, hydro, and transmission upgrades

✅ Deploy battery storage to balance intermittent generation

✅ Support just transition, jobs, and energy efficiency

As Canada moves towards a more sustainable future, decarbonizing its electricity grid has emerged as a pivotal goal. The transition aims to reduce greenhouse gas emissions, promote renewable energy sources, and ultimately support global climate targets, with cleaning up Canada's electricity widely viewed as critical to meeting those pledges. However, the implications of this transition are multifaceted, impacting the economy, energy reliability, and the lives of Canadians.

Understanding Decarbonization

Decarbonization refers to the process of reducing carbon emissions produced from various sources, primarily fossil fuels. In Canada, the electricity grid is heavily reliant on natural gas, coal, and oil, which contribute significantly to carbon emissions. The Canadian government has committed to achieving net-zero by 2050 through federal and provincial collaboration, with the electricity sector playing a crucial role in this initiative. The strategy includes increasing the use of renewable energy sources such as wind, solar, and hydroelectric power.

Economic Considerations

Transitioning to a decarbonized electricity grid presents both challenges and opportunities for Canada’s economy. On one hand, the initial costs of investing in renewable energy infrastructure can be substantial. This includes not only the construction of renewable energy plants but also the necessary upgrades to the grid to accommodate new technologies. According to the Fraser Institute analysis, these investments could lead to increased electricity prices, impacting consumers and businesses alike.

However, the shift to a decarbonized grid can also stimulate economic growth. The renewable energy sector is a rapidly growing industry that, as Canada’s race to net-zero accelerates, promises job creation in manufacturing, installation, and maintenance of renewable technologies. Moreover, as technological advancements reduce the cost of renewable energy, the long-term savings on fuel costs can benefit both consumers and businesses. The challenge lies in balancing these economic factors to ensure a smooth transition.

Reliability and Energy Security

A significant concern regarding the decarbonization of the electricity grid is maintaining reliability and energy security, especially as an IEA report indicates Canada will need substantially more electricity to achieve net-zero goals, requiring careful system planning.

To address this challenge, the implementation of energy storage solutions and grid enhancements will be essential. Advances in battery technology and energy storage systems can help manage supply and demand effectively, ensuring that energy remains available even during periods of low renewable output. Additionally, integrating a diverse mix of energy sources, including hydroelectric power, can enhance the reliability of the grid.

Social Impacts

The decarbonization process also carries significant social implications. Communities that currently depend on fossil fuel industries may face economic challenges as the transition progresses, and the Canadian Gas Association has warned of potential economy-wide costs for switching to electricity, underscoring the need for a just transition.

Furthermore, there is a need for public engagement and education on the benefits and challenges of decarbonization. Canadians must understand how changes in energy policy will affect their daily lives, from electricity prices to job opportunities. Fostering a sense of community involvement can help build support for renewable energy initiatives and ensure that diverse voices are heard in the planning process.

Policy Recommendations

For Canada to successfully decarbonize its electricity grid, and building on recent electricity progress across provinces nationwide, robust and forward-thinking policies must be implemented. This includes investment in research and development to advance renewable technologies and improve energy storage solutions. Additionally, policies should encourage public-private partnerships to share the financial burden of infrastructure investments.

Governments at all levels should also promote energy efficiency measures to reduce overall demand, making the transition more manageable. Incentives for consumers to adopt renewable energy solutions, such as solar panels, can further accelerate the shift towards a decarbonized grid.

Decarbonizing Canada's electricity grid presents a complex yet necessary challenge. While there are economic, reliability, and social considerations to navigate, the potential benefits of a cleaner, more sustainable energy future are substantial. By implementing thoughtful policies and fostering community engagement, Canada can lead the way in creating an electricity grid that not only meets the needs of its citizens but also contributes to global efforts in combating climate change.

Related News

• Electricity Forum News

• Climate Change News

Hong Kong Electricity Tariff Increase reflects a projected 1-2% rise as HK Electric and CLP Power shift to cleaner fuel and natural gas, expand gas-fired units and LNG terminals, and adjust the fuel clause charge.

Key Points

An expected 1-2% 2018 rise from cleaner fuel, natural gas projects, asset growth, and shrinking fuel cost surpluses.

✅ Expected 1-2% rise amid cleaner fuel and gas shift

✅ Fuel clause charge and asset expansion pressure prices

✅ HK Electric and CLP Power urged to use surpluses prudently

Hong Kong customers have been asked to expect higher electricity bills next year, as seen with BC Hydro rate increases in Canada, with a member of a government panel on energy policy anticipating an increase in tariffs of one or two per cent.

The environment minister, Wong Kam-sing, also hinted they should be prepared to dig deeper into their pockets for electricity, as debates over California electric bills illustrate, in the wake of power companies needing to use more expensive but cleaner fuel to generate power in the future.

HK Electric supplies power to Hong Kong Island, Lamma Island and Ap Lei Chau. Photo: David Wong

The city’s two power companies, HK Electric and CLP Power, are to brief lawmakers on their respective annual tariff adjustments for 2018, amid Ontario electricity price pressures drawing international attention, at a Legislative Council economic development panel meeting on Tuesday.

HK Electric supplies electricity to Hong Kong Island and neighbouring Lamma Island and Ap Lei Chau, while CLP Power serves Kowloon and the New Territories, including Lantau Island.

Wong said on Monday: “We have to appreciate that when we use cleaner fuel, there is a need for electricity tariffs to keep pace. I believe it is the hope of mainstream society to see a low-carbon and healthier environment.”

Secretary for the Environment Wong Kam-sing believes most people desire a low-carbon environment. Photo: Sam Tsang

But he declined to comment on how much the tariffs might rise.

World Green Organisation chief executive William Yu Yuen-ping, also a member of the Energy Advisory Committee, urged the companies to better use their “overflowing” surpluses in their fuel cost recovery accounts.

Tariffs are comprised of two components: a basic amount reflecting a company’s operating costs and investments, and the fuel clause charge, which is based on what the company projects it will pay for fuel for the year.

William Yu of World Green Organisation says the companies should use their surpluses more carefully. Photo: May Tse

Critics have claimed the local power suppliers routinely overestimate their fuel costs and amass huge surpluses.

In recent years, the two managed to freeze or cut their tariffs thanks to savings from lower fuel costs. Last year, HK Electric offered special rebates to its customers, which saw its tariff drop by 17.2 per cent. CLP Power froze its own charge for 2017.

Yu said the two companies should use the surpluses “more carefully” to stabilise tariffs.

Rise after fall in Hong Kong electricity use linked to subsidies

“We estimate a big share of the surplus has been used up and so the honeymoon period is over.”

Based on his group’s research, Yu believed the tariffs would increase by one or two per cent.

Economist and fellow committee member Billy Mak Sui-choi said the expansion of the power companies’ fixed asset bases, such as building new gas-fired units and offshore liquefied natural gas terminals, a pattern reflected in Nova Scotia's 14% rate hike recently approved by regulators, would also cause tariffs to rise.

To fight climate change and improve air quality, the government has pledged to cut carbon intensity by between 50 and 60 per cent by 2020. Officials set a target of boosting the use of natural gas for electricity generation to half the total fuel mix from 2020.

Both power companies are privately owned and monitored by the government through a mutually agreed scheme of control agreements, akin to oversight seen under the UK energy price cap in other jurisdictions. These require the firms to seek government approval for their development plans, including their projected basic tariff levels.

At present, the permitted rate of return on their net fixed assets is 9.99 per cent. The deals are due to expire late next year.

Earlier this year, officials reached a deal with the two companies on the post-2018 scheme, settling on a 15-year term. The new agreements slash their permitted rate of return to 8 per cent.

Related News

• Electricity Forum News

• Energy Policy News

Manitoba Hydro rate hikes face public hearings over electricity rates, utility bills, and debt, with impacts on low-income households, Indigenous communities, and Winnipeg services amid credit rating pressure and rising energy costs.

Key Points

Manitoba Hydro seeks 7.9% annual increases to stabilize finances and debt, impacting electricity costs for households.

✅ Proposed hikes: 7.9% yearly through 2023/24

✅ Driven by debt, credit rating declines, rising interest

✅ Disproportionate impact on low-income and Indigenous communities

Hearings began Monday into Manitoba Hydro’s request for consecutive annual rate hikes of 7.9 per cent.  The crown corporation is asking for the steep hikes to commence April 1, 2018.

The increases would continue through 2023/2024, under a multi-year rate plan before dropping to what Hydro calls “sustainable” levels.

Patti Ramage, legal counsel for Hydro, said while she understands no one welcomes the “exceptional” rate increases, the company is dealing with exceptional circumstances.

It’s the largest rate increase Hydro has ever asked for, though a scaled-back increase was discussed later, saying rising debt and declining credit ratings are affecting its financial stability.

President and CEO Kelvin Shepherd said Hydro is borrowing money to fund its interest payments, and acknowledged that isn’t an effective business model.

Hydro’s application states that it will be spending up to 63 per cent of its revenue on paying financial expenses if the current request for rate hikes is not approved.

If it does get the increase it wants, that number could shrink to 45 per cent – which Ramage says is still quite high, but preferable to the alternative.

She cited the need to take immediate action to fix Hydro’s finances instead of simply hoping for the best.

“The worst thing we can do is defer action… that’s why we need to get this right,” Ramage said.

A number of intervenors presented varying responses to Hydro’s push for increased rates, with many focusing on how the hikes would affect Manitobans with lower incomes.

Senwung Luk spoke on behalf of the Assembly of Manitoba Chiefs, and said the proposed rates would hit First Nations reserves particularly hard.

He noted that 44.2 per cent of housing on reserves in the province needs significant improvement, which means electricity use tends to be higher to compensate for the lower quality of infrastructure.

Luk says this problem is compounded by the higher rates of poverty in Indigenous populations, with 76 per cent of children on reserves in Manitoba living below the poverty line.

If the increase goes forward, he said the AMC hopes to see a reduced rate for those living on reserves, despite a recent appeal court ruling on such pricing.

Byron Williams, speaking on behalf of the Consumers Coalition, said the 7.9 per cent increase unreasonably favours the interests of Hydro, and is unjustly biased against virtually everyone else.

In Saskatchewan, the NDP criticized an SaskPower 8 per cent rate hike as unfair to customers, highlighting regional concerns.

Williams said customers using electric space heating would be more heavily targeted by the rate increase, facing an extra $13.14 a month as opposed to the $6.88 that would be tacked onto the bills of those not using electric space heating.

Williams also called Hydro’s financial forecasts unreliable, bringing the 7.9 per cent figure into question.

Lawyer George Orle, speaking for the Manitoba Keewatinowi Okimakanak, said the proposed rate hikes would “make a mockery” of the sacrifices made by First Nations across the province, given that so much of Hydro’s infrastructure is on Indigenous land.

The city of Winnipeg also spoke out against the jump, saying property taxes could rise or services could be cut if the hikes go ahead to compensate for increased, unsustainable electricity costs.

In British Columbia, a BC Hydro 3 per cent increase also moved forward, drawing attention to affordability.

A common theme at the hearing was that Hydro’s request was not backed by facts, and that it was heading towards fear-mongering.

Manitoba Hydro’s CEO begged to differ as he plead his case during the first hearing of a process that is expected to take 10 weeks.

Related News

• Electricity Forum News

• Energy Policy News

Dragonfly energy sector cyberattacks target ICS and SCADA across critical infrastructure, including the power grid and nuclear facilities, using spearphishing, watering-hole sites, supply-chain compromises, malware, and VPN exploits to gain operational access.

Key Points

Dragonfly APT campaigns target energy firms and ICS to gain grid access, risking manipulation and service disruption.

✅ Breaches leveraged spearphishing, watering-hole sites, and supply chains.

✅ Targeted ICS, SCADA, VPNs to pivot into operational networks.

✅ Aimed to enable power grid manipulation and potential outages.

An October, 2017 report by researchers at Symantec Corp., cited by the U.S. government, has linked recent US power grid cyber attacks to a group of hackers it had code-named "Dragonfly", and said it found evidence critical infrastructure facilities in Turkey and Switzerland also had been breached.

The Symantec researchers said an earlier wave of attacks by the same group starting in 2011 was used to gather intelligence on companies and their operational systems. The hackers then used that information for a more advanced wave of attacks targeting industrial control systems that, if disabled, leave millions without power or water.

U.S. intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attacks, condemned by the U.S. government, striking almost simultaneously at multiple locations, are testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

#google#

While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers.

“Since at least March 2016, Russian government cyber actors… targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” according to Thursday’s FBI and Department of Homeland Security report. The report did not say how successful the attacks were or specify the targets, but said that the Russian hackers “targeted small commercial facilities’ networks where they staged malware, conducted spearphishing, and gained remote access into energy sector networks.” At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas.

Symantec doesn’t typically point fingers at particular nations in its research on cyberattacks, said Eric Chien, technical director of Symantec’s Security Technology and Response division, though he said his team doesn’t see anything it would disagree with in the new federal report. The government report appears to corroborate Symantec’s research, showing that the hackers had penetrated computers and accessed utility control rooms that would let them directly manipulate power systems, he says.

“There were really no more technical hurdles for them to do something like flip off the power,” he said.

And as for the group behind the attacks, Chien said it appears to be relatively dormant for now, but it has gone quiet in the past only to return with new hacks.

“We expect they’re sort of retooling now, and they likely will be back,”

In some cases, Dragonfly successfully broke into the core systems that control US and European energy companies, Symantec revealed.

“The energy sector has become an area of increased interest to cyber-attackers over the past two years,” Symantec said in its report.

“Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyberattack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the US being compromised by hackers.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.”

In recent weeks, senior US intelligence officials said that the Kremlin believes it can launch hacking operations against the West with impunity, including a cyber weapon that can disrupt power grids, according to assessments.

The DHS and FBI report further elaborated: “This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organisations such as trusted third-party suppliers with less-secure networks, referred to as ‘staging targets’ throughout this alert.

“The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. National Cybersecurity and Communications Integration Center and FBI judge the ultimate objective of the actors is to compromise organisational networks, also referred to as the ‘intended target’.”

According to the US alert, hackers used a variety of attack methods, including spear-phishing emails, watering-hole domains, credential gathering, open source and network reconnaissance, host-based exploitation, and deliberate targeting of ICS infrastructure.

The attackers also targeted VPN software and used password cracking tools.

Once inside, the attackers downloaded tools from a remote server and then carried out a number of actions, including modifying key systems to store plaintext credentials in memory, and built web shells to gain command and control of targeted systems.

“This actors’ campaign has affected multiple organisations in the energy, nuclear, water, aviation, construction and critical manufacturing sectors, with hundreds of victims across the U.S. power grid confirmed,” the DHS said, before outlining a number of steps that IT managers in infrastructure organisations can take to cleanse their systems and defend against Russian hackers. he said.
 

Related News

• Electricity Forum News

• Grid Technologies News

Snow-powered nanogenerator harvests static electricity from falling snow using a silicone triboelectric design, enabling energy harvesting, solar panel support during snowfall, and dual-use sensing for weather monitoring and wearable winter sports analytics.

Key Points

A silicone triboelectric device that harvests snowDcharge to generate power and enable sensing.

✅ Triboelectric silicone layer captures charge from falling snow.

✅ Integrates with solar arrays to maintain power during snowfall.

✅ Functions as weather and motion sensor for winter sports.

Scientists from University of California, Los Angeles and McMaster University have invented a nanogenerator that creates electricity from falling snow.

Most Canadians have already seen a mini-version of this, McMaster Prof. Ravi Selvaganapathy told CTV’s Your Morning. “We find that we often get shocked in the winter when it’s dry when we come in into contact with a conductive surface like a doorknob.”

The thin device works by harnessing static electricity: positively-charged, falling snow collides with the negatively-charged silicone device, which produces a charge that’s captured by an electrode.

“You separate the charges and create electricity out of essentially nothing,” Richard Kaner, who holds UCLA’s Dr. Myung Ki Hong Endowed Chair in Materials Innovation and whose lab has explored turning waste into graphene, said in a press release.

“The device can work in remote areas because it provides its own power and does not need batteries or reliance on home storage systems such as the Tesla Powerwall, which store energy for later use,” he said, explaining that the device was 3D printed, flexible and inexpensive to make because of the low cost of silicone.

“It’s also going to be useful in places like Canada, where we get a lot of snow and are pursuing a net-zero grid by 2050 to cut emissions. We can extract energy from the environment,” Selvaganapathy added.

The team, which also included scientists from the University of Toronto, published their findings in Nano Energy journal last year, but a few weeks ago, they revealed the device’s more practical uses.

About 30 per cent of the Earth’s surface is covered by snow each winter, which can significantly limit the energy generated by solar panels, including rooftop solar grids in cold climates.

So the team thought: why not simply harness electricity from the snow whenever the solar panels were covered?

Integrating their device into solar panel arrays could produce a continuous power supply whenever it snows, potentially as part of emerging virtual power plants that aggregate distributed resources, study co-author and UCLA assistant researcher Maher El-Kady explained.

The device also serves as a weather-monitoring station by recording how much snow is falling and from where; as well as the direction and speed of the wind.

The team said they also want to incorporate their device into weather sensors to help them better acquire and transmit electronic signals, supporting initiatives to use AI for energy savings across local grids. They said several Toronto-based companies -- which they couldn’t name -- have expressed interest in partnering with them.

Selvaganapathy said the device would hop on the trend of “sensors being incorporated into what we wear, into our homes and even to detect electricity theft in some markets in order to monitor a lot of the things that are important to us”

But the device’s arguably larger potential use is being integrated into technology to monitor athletes and their performances during winter sports, such as hiking, skiing and cross-country skiing.

Up to now, the movement patterns used during cross-country skiing couldn’t be detected by a smart watch, but this device may be able to.

Scientists such as Kaner believe the technology could usher in a new era of self-monitoring devices to assess an athlete’s performance while they’re running, walking or jumping.

The device is simply a proof of concept and the next step would be figuring out how to generate more electricity and integrate it into all of these potential devices, Selvaganapathy said.

Related News

• Electricity Forum News

• Grid Technologies News