Suspected Russia-backed hackers target Baltic energy networks

Technology | May 11, 2017 11:25AM ET
© Reuters. FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture

By Stephen Jewkes and Oleg Vukmanovic

MILAN/LONDON (Reuters) - Suspected Russia-backed hackers have launched exploratory cyber attacks against the energy networks of the Baltic states, sources said, raising security concerns inside the West's main military alliance, NATO.

Lithuania, Latvia and Estonia, all members of NATO and the European Union, are on the political front line of tensions between the West and Moscow. The Baltics are locked into Russia's power network but plan to synchronize their grids with the EU.

Interviews with more than a dozen law-enforcement and private investigators, insiders and utility officials show hackers have quietly made incursions into Baltic networks over the past two years, in parallel with more serious attacks in Ukraine that plunged swathes of that country into darkness.

They say Russian state organizations are suspected of being behind the campaigns.

Reuters could not independently verify the sources' allegations.

At the end of 2015, hackers attacked an Internet gateway used to control a Baltic electricity grid, disrupting operations but not causing blackouts, a source familiar with the matter said. He declined to give details due to ongoing private investigations into the incident, which has not been previously reported.

The attack was a distributed denial of service (DDoS), where Internet gateways are bombarded with large amounts of data, a blunt but sometimes effective technique in an age when energy networks are being modernized with digital technology.

The source also said suspected Russia-backed hackers had targeted a Baltic petrol-distribution system at around the same time in an unsuccessful denial of service attack that aimed to cause widespread disruption in petrol deliveries.

The system coordinates deliveries from storage tanks to a network of petrol stations, the source added.

In a separate malware attack on another undisclosed Baltic grid, also around end-2015, hackers targeted network communication devices, serial-to-ethernet converters (STEC), which link sub-stations to central control, two other sources said. The attack did not cause service disruption, they added.

Though these three incidents date back 18 months or so, cyber security consultants are still investigating some of them. They say hackers can remain dormant and undetected inside systems. In Ukraine, hackers had infiltrated the grids there for about six months before the lights went out in December 2015, consultants said.

STECs were also targeted in Ukraine by the so-called Sandworm team, a Russia-backed group that had attacked energy companies in Western Europe and the United States in a campaign in 2014, several sources said.

The two sources with knowledge of the STEC attacks said they had detected the presence of Sandworm in the Baltics, but they did not give evidence for their suspicion. One of them said Sandworm was still active in the Baltic states.

"It's the same kind of slander as all the other similar accusations," Kremlin spokesman Dmitry Peskov said when asked by Reuters about the possible hacks.

Russia has never cut power flows to the Baltic states or threatened to do so.


The NATO sources and utility officials said the Baltic attacks raised concerns that hackers could disable the region's energy networks just as they had done in Ukraine, where government troops have been battling pro-Russian separatists since 2014.

The first Ukraine attack caused crippling blackouts in some parts of the country lasting several hours.

NATO and cyber security experts believe hackers are testing the Baltic energy networks for weaknesses, becoming familiar with how they are controlled in order to be able to shut them down at will.

"On a daily basis there are DDoS attacks designed to probe network architecture, so it could well be possible that something (serious) could take place later on," a Brussels-based NATO official said, requesting anonymity because he was not authorized to speak publicly on the matter.

Lithuanian grid operator Litgrid said attacks on IT systems and the grid were constant but it had not seen DDoS attacks.

Litgrid maintains constant monitoring and runs regular tests to detect any cyber break-ins as part of its network defenses, the utility said in an emailed statement.

Latvia's grid operator, AST, said it had not seen incidents in the last year. Estonia's Elering said only that it had not seen any attacks at the time of the Ukraine incursions in 2015.

A security official based in the Baltics said cyber attacks usually increased when Russia carried out large military exercises near its borders with the Baltic states.

Last month, NATO helped stage a cyber-security exercise in Estonia in which hundreds of cyber experts from around the world competed in teams to protect a fictitious military air base from attacks on, among other things, a power grid system.

In its 2017 national security threat assessment, Lithuania said hackers had launched large-scale DDoS attacks in April last year against state ministries and institutions, Vilnius airport, media and "other important Lithuanian cyber infrastructure".

"A major part of executed cyber attacks against the state sector of Lithuania in 2016 were associated with Russian intelligence," the report said, without giving details.

Lithuania's state-owned energy holding group, Lietuvos Energija, said it had encountered untraceable attacks like zero-day viruses, among others, which exploit hidden vulnerabilities. Lietuvos's businesses include power distribution.

"We do assume that we have adversaries who want to harm us," said Liudas Alisauskas, information security chief at Lietuvos.

Lietuvos runs drills to prepare for cyber attacks, including switching to manual operation of the grid, Alisauskas said.

In Ukraine, operators of older and technologically simpler networks were able to send workers out into the field to manually bring grids back up. This would be more difficult to achieve in modern, digitized networks, cyber consultants said.
