As an important part of the power grid, photovoltaic (PV) systems are increasingly dependent on standard information technology (IT) computing and network infrastructure for operation and maintenance. However, this dependence exposes PV systems to higher vulnerability and risk of cyberattacks.
On May 1, the Japanese newspaper Sankei Shimbun reported that hackers hijacked about 800 remote monitoring devices at solar power generation facilities, some of which were abused to steal from bank accounts and defraud deposits. The hackers took over these devices during the cyberattack to hide their online identities. This may be the world's first publicly confirmed cyberattack on solar grid infrastructure, including charging stations.
According to electronic equipment manufacturer Contec, the company's SolarView Compact remote monitoring device was abused. The device is connected to the Internet and is used by companies operating power generation facilities to monitor power generation and detect anomalies. Contec has sold about 10,000 devices, but as of 2020, about 800 of them have defects in responding to cyberattacks.
It is reported that the attackers exploited a vulnerability (CVE-2022-29303) discovered by Palo Alto Networks in June 2023 to spread the Mirai botnet. The attackers even posted a "tutorial video" on YouTube on how to exploit the vulnerability on the SolarView system.
The hackers used the flaw to infiltrate remote monitoring devices and set up "backdoor" programs that allowed them to be manipulated from the outside. They manipulated the devices to illegally connect to online banks and transfer funds from financial institution accounts to hacker accounts, thereby stealing funds. Contec subsequently patched the vulnerability on July 18, 2023.
On May 7, 2024, Contec confirmed that the remote monitoring equipment had suffered the latest attack and apologized for the inconvenience caused. The company notified the power generation facility operators of the problem and urged them to update the equipment software to the latest version.
In an interview with analysts, South Korean cybersecurity company S2W said that the mastermind behind the attack was a hacker group called Arsenal Depository. In January 2024, S2W pointed out that the group launched the "Japan Operation" hacker attack on Japanese infrastructure after the Japanese government released contaminated water from the Fukushima nuclear power plant.
As for people's concerns about the possibility of interference with power generation facilities, experts said that the obvious economic motivation made them believe that the attackers were not targeting grid operations. “In this attack, the hackers were looking for computing devices that could be used for extortion,” said Thomas Tansy, CEO of DER Security. “Hijacking these devices is no different than hijacking an industrial camera, a home router or any other connected device.”
However, the potential risks of such attacks are huge. Thomas Tansy added: "But if the hacker's goal turns to destroying the power grid, it is entirely possible to use these unpatched devices to carry out more destructive attacks (such as interrupting the power grid) because the attacker has already successfully entered the system and they only need to learn some more expertise in the photovoltaic field."
Secura team manager Willem Westerhof pointed out that access to the monitoring system grants a certain degree of access to the actual photovoltaic installation, and that this access can be used to try to attack anything in the same network. Westerhof also warned that large photovoltaic grids usually have a central control system. If it is hacked, attackers can take over more than one photovoltaic power plant, frequently shut down or open photovoltaic equipment, and have a serious impact on the operation of the photovoltaic grid.
Security experts point out that distributed energy resources (DER) composed of solar panels face more serious cybersecurity risks, and photovoltaic inverters play a key role in such infrastructure. The inverter is responsible for converting the direct current generated by solar panels into the alternating current used by the grid and is the interface to the grid control system. The latest inverters have communication functions and can be connected to the grid or cloud services, which increases the risk of these devices being attacked. A damaged inverter will not only disrupt energy production, but also cause serious security risks and undermine the integrity of the entire grid.
The North American Electric Reliability Corporation (NERC) warned that defects in inverters pose a "significant risk" to the reliability of bulk power supply (BPS) and could cause "widespread blackouts." The U.S. Department of Energy warned in 2022 that cyberattacks on inverters could reduce the reliability and stability of the power grid.
Post time: Jun-08-2024