European Wind-Energy Sector Hit in Wave of Hacks

Cyberattacks on three European wind energy companies since the start of the war in Ukraine have raised alarm that hackers sympathetic to Russia are trying to wreak havoc in a sector that will benefit from efforts to reduce dependence on Russian oil and gas.

The attacked companies have not publicly attributed the hacks to a particular criminal group or country, and Russia has consistently denied that it is launching cyber attacks.

But the timing of the attacks suggests potential links to supporters of Russia’s invasion of Ukraine, said Christoph Zipf, a spokesman for WindEurope, an industrial group based in Brussels.

Serious cyberattacks on industrial equipment are uncommon and require considerable knowledge to prepare for, according to security experts.

The three companies targeted in the attacks are all based in Germany. Deutsche Windtechnik AG, which specializes in the maintenance of wind turbines, was hacked in April. Remote control systems for about 2,000 wind turbines in Germany were down for about a day after the attack, the company said.

Turbine maker Nordex SE said it discovered a security incident on March 31 that forced it to shut down its information technology systems. Conti, a ransomware group that has declared support for the Russian government, said this month that it was responsible for the attack.

Enercon GmbH, also a turbine manufacturer, said it was “security damage” in an attack on a satellite company in February that happened “at almost the exact same time as Russian troops invaded Ukraine.” The attack knocked out the remote control of 5,800 of Enercon’s wind turbines, even though they continued to run in auto mode.

Technicians perform maintenance on an Enercon wind turbine in Bernsdorf, Germany, in November. Photo: Jan Woitas / Zuma Press

“We need high IT security standards” because the growing renewable energy sector will be a bigger target for hackers, said Matthias Brandt, director of Deutsche Windtechnik, which has around 2,000 employees. “The crisis in Russia and Ukraine shows us that renewable energy will replace oil and gas in the future,” he said.

The European Union began reducing Russian energy imports this month as member states considered alternatives such as nuclear power, or accelerated plans to switch to renewable energy after years of dependence on Russian oil and gas.

Germany froze the Nord Stream 2 gas pipeline, which was about to be operational, in February. Here, part of the pipeline near Lubmin, Germany. Photo: Sean Gallup / Getty Images

Germany, Europe’s largest economy, has rejected EU-wide sanctions against Russian fuel, arguing that such a move would harm the German economy. The country advanced its plan to reach almost 100% renewable energy by 2035 and wean itself off Russian oil and coal imports this year. Still, a German official said in late March that Russia accounted for 40% of the country’s natural gas imports, down from 55% four weeks earlier, but still significantly above the EU average.

Cybersecurity experts working with Deutsche Windtechnik are investigating whether the ransomware attack used Conti malware, said Mr. Brandt. Chats from Conti ransomware users leaked online last month revealed connections to Russian security services. These hackers also discussed targeting organizations they consider to be working against Russia.

U.S. utilities aiming to supply alternative energy to Europe have also been targets, said Jim Guinn, who heads the consulting firm Accenture PLC’s global cyber security business for energy, utilities, chemicals and mining.

Mr. Guinn said that at a U.S.-based liquefied natural gas company he has worked with, scanning external cybersecurity bugs has tripled in the past month,

A hacker who manages to infect the industrial equipment that controls wind turbines can manipulate the machines’ brakes to stop power production, says Trond Solbert, CEO of cyber security at the Norwegian risk management company DNV GL. It could disrupt customer services and revenue for manufacturers, Mr. Solbert said. A simpler strike on local Internet-connected services could disrupt remote monitoring systems in wind farms, he added.

Deutsche Windtechnik director Matthias Brandt, left. Photo: German wind technology

The attack on Deutsche Windtechnik affected internal IT systems, not the industrial systems that control its turbines, said Mr. Brandt. He found out that the company’s systems were not working properly when the technology department called him around 06.00 on 12 April. An hour or two later, IT personnel drove to a data center in northern Germany and found that Deutsche Windtechnik had been hit by ransomware the night before.

Machines displayed codes that resembled hieroglyphs, Mr. Brandt said, indicating that servers had been encrypted with malware. Later that day, employees found an electronic note from hackers instructing the company to contact them to recover their data. The next day, Deutsche Windtechnik had solved most of the problems and did not reach the hackers, he said.

As European countries shift away from Russian energy, important alternative sources will be wind farms in Germany and the North Sea, said Mr. Guinn from Accenture. Hackers who have promised to attack opponents of Russian interests are targeting companies working with these alternatives, he said. “This is a bit of a long battle. This is a chess match – this is not smash and grab,” he added.

About 90% of Deutsche Windtechnik’s staff email accounts have been restored, Mr. Brandt said. The company needs a few weeks to bring back parts of its corporate software, which IT staff shut down out of caution. “Customers and clients may not see it, but internally it’s a lot of work,” he said. He does not yet know how much the incident will cost the company.

Write to Catherine Stupp at Catherine.Stupp@wsj.com

Copyright © 2022 Dow Jones & Company, Inc. All rights reserved.