Multiple Ransomware Attacks on Artillery Contractors

DedicatedICS

The Defense Armaments Agency announced today that production
of 155mm artillery shells at Blackshear Arsenal in Georgia has been halted for
two weeks due to multiple ransomware attacks on subcontractors supply parts for
the high-tech munitions that are being consumed in high number in the Ukraine. “We
are unable to obtain component parts for the fuses and attitude control systems
because various manufacturers have had production interruptions due to cyberattacks
on manufacturing facilities,” Samuel C Robinson, spokesperson for the Agency,
told reporters this morning.

The Federal Bureau of Inquiry is the lead agency in the
investigation because the facilities are not directly contracted by the
Department of Defense. According to Johnathan Quest, FBI spokesperson, the
companies involved provide parts to component manufacturers that supply the
Blackshear Arsenal. “In most cases, the initial set of attacks were being
investigated by State and local authorities as routine ransomware attacks,”
Quest explained.

General Turgidson, Director of the National Critical
Infrastructure Security Operations Center (CI-SOC) which is supporting the
investigation, it was not until Blackshear reported supply interruptions of
multiple contractors that national level interest was focused on the
investigation. “For the most part, these are small businesses using highly-automated
manufacturing systems to provide small volume, high-tech components for these ammunition
components,” Turgidson explained.

“It looked like these were simply ransomware attacks on
random organization when we first started receiving reports form our suppliers”
Blackshear spokesperson George Forno told reporters; “When we started receiving
reports of damaged control systems after ransoms were paid, it became apparent
that this was something more organized.”

“We are still not convinced that this is a centrally
directed effort,” Quest responded. The FBI has isolated four different ransomware
programs associated with known criminal groups from Russia, North Korea, Iran
and Nigeria.

CI-SOC had determined that there have been some indicators
that some unknown actor is providing corporate access data to known ransomware
groups. “While most of these small businesses do not have significant cyber defenses
due to a lack of cybersecurity personnel, there have been at least two of the
facilities have been supported by the CI-SOC,” Turgidson explained; “Access to
those systems took a level of sophistication not normally associated with criminal
organizations.”

A technician at CI-SOC that is not authorized to talk to the
press has told me that a number of cybersecurity and industrial control system
companies are working closely with CI-SOC, the FBI and the affected facilities in
a coordinated effort to get them back on line. Turgidson confirmed that this is
an all-hands effort. “We cannot afford to allow production at Blackshear to
remain idle while our allies in Ukraine are preparing for an expected Russian
offensive. They need these 155mm shells.”

CAUTIONARY NOTE: This is a future
news story –Future ICS Security NewsRead More