According to reports, the RUSSIAN hackers responsible for shutting down the Colonial Pipeline used a single hacked password.
A cyberattack on the Colonial Pipeline, which transports 45% of all fuel consumed on the east coast, sparked a gas crisis.
As the largest oil pipeline in the United States, the Colonial Pipeline typically transports 2.5 million barrels of gas per day, supplying gasoline and diesel to the East Coast and jet fuel to major airports.
The Colonial Pipeline closed on April 29 after being hacked by the Russian criminal group DarkSide.
The group targets large corporations, gains access to the victim’s confidential data, and then threatens to disclose it if the ransom is not paid.
It has now been revealed that the hackers are using a virtual private network account that employees use to remotely access the company’s network in order to gain access to it.
Charles Karmakal, senior vice president of cybersecurity company Mandiant, which is part of FireEye Inc., said that even if the account is no longer used by employees, it can still access the network.
Since then, the account password has been discovered along with other password leaks on the dark web, Bloomberg reports.
But Carmakal says he doesn’t know how the hacker got the password, and they may never know for sure.
Although the hackers obtained the password, it is not known how they found out the username.
“We did a pretty thorough search in the environment to try to determine how they actually got these powers,” Carmakal said.
“We see no evidence of phishing against the employee whose credentials were used. We did not see any other evidence of cybercriminals’ activity before April 29. “
Meanwhile, JBS USA was hacked on Sunday, shutting down all of the company’s meat processing plants in the United States.
It is believed that the Russian hacker group REvil is behind the attack.
The White House has stepped up its response to the attacks, confirming that it is “in direct contact with the Russian government.”
Asked whether “he will retaliate against Russia for this latest ransomware attack,” President Joe Biden said, “We are looking closely at this issue.”
However, the president said no when a reporter asked if he believed Russian President Vladimir Putin was “testing” him.
On Wednesday, the White House said that Biden would consider the cyber attacks during a meeting with Russian President Vladimir Putin two weeks later in Geneva.
Earlier this week, FBI Director Christopher Ray called on officials to step up their response to cyberattacks, comparing them to the 9/11 attacks.
“There are many parallels, there are many implications, and we place a lot of emphasis on disruption and prevention,” Ray told The Wall Street Journal.
“There is a shared responsibility not only between government agencies but also the private sector and even the average American,” Ray said.