“We know that LNG terminals are a target. It’s just a question of when and how,” researcher Casey Brooks of US cybersecurity company Dragos told RTL Z.
Dragos, which specializes in protecting industrial companies, sees two groups of hackers, Xenotime and Kamacite, conducting “exploratory searches” in the digital systems of the Gasunie LNG terminal in Rotterdam. The groups are also reported to be analyzing the systems of other European LNG terminals and energy-sector infrastructure.
“These are tests to see where they could potentially be impacted by a digital attack.” According to the FBI and cyber researchers, the groups have ties to the Russian secret services.
The FBI also warned earlier this year that Russian hackers had similarly probed the systems of American energy companies.
More activities
Other cybersecurity firms, such as the Dutch company EclecticIQ, are also seeing increased activity around vital infrastructure in Europe and the Netherlands. According to EclecticIQ, this is the first time that Xenotime has focused on Europe.
It makes sense that Dutch LNG terminals are now being investigated by Russian hackers, says Joep Gommers, founder of EclecticIQ. “It’s certainly within Russia’s modus operandi and focus right now.”
This is also what Ralph Moonen of the cybersecurity company Secura says. “Russian hacking groups have been known to carry out such investigations.”
More cyber attacks after the war
Due to the war in Ukraine, cybersecurity companies are seeing a significant increase in the number of cyberattacks in general this year. From January to September, there was an average of more than 5 million unique cyberattacks per month, according to data from cybersecurity firm ESET. That is more than 20 percent more than in 2021.
These include, for example, phishing attacks, attacks with ransomware or other forms of malware, and DDoS attacks that make websites inaccessible to visitors.
Concrete threat from the energy crisis
Security firm Fox-IT estimates that, due to the energy crisis, there is a real threat that bad actors are targeting companies active in the energy sector. “Particularly in the supply chain for LNG supply and distribution,” says a Fox-IT spokesperson.
“The interested parties in this sector are likely to be state-sponsored malicious groups, for example the groups led by the Russian FSB and the GRU (secret services, ed.).”
Act before things go wrong
MEP Bart Groothuis (VVD) is aware of signals from Russian hacker groups investigating LNG terminal systems.
“The time has come gradually to act before things go wrong. Gas is Russia’s weapon of choice against the EU. Wreaking havoc on the energy market and manipulating that market is a clear geopolitical goal,” says Groothuis.
Why are LNG terminals so important?
LNG is important to the Netherlands now that the Russian gas tap has been closed due to the war in Ukraine. If those terminals shut down for any reason, gas production capacity will be lost, says René Peters, director of gas technology at TNO.
Rotterdam’s capacity will be expanded to 16 billion cubic meters per year, while Eemshaven now produces 8 billion cubic meters per year. Together they account for more than half of Dutch gas consumption of 40 billion cubic meters of gas per year.
“If we lose that capacity for a short time, then we don’t immediately have a problem. Because we still have 14 billion cubic meters stored and we still have our little fields.”
Gasunie is silent
Gasunie won’t say whether it knows of any Russian hackers looking for vulnerabilities within the company. “In the context of security, we do not provide any information on this.”
Gasunie also won’t say whether it has tightened security measures. “Apart from the war situation, security is of paramount importance and we take all kinds of situations into consideration.”
The company owns the Eemshaven LNG terminal and, together with Vopak, owns the Rotterdam terminal. Vopak declined to answer RTL Z’s questions.