Hackers Attack RWE Website Amid Hambach Forest Evictions
(Sep 25, 2018)
The German electric utility company Rheinisch-Westfälisches Elektrizitätswerk (RWE) suffered a Distributed Denial-of-Service (DDoS) attack following the forcible eviction of protesters from the Hambach Forest. The DDoS attack took the RWE website down on Monday, September 24, and as of Tuesday, September 25, it was still completely inaccessible. No other servers were attacked, according to the company. Protesters have been squatting in the forest since the company declared it intended to expand coal mining operations and clear the historic forest. The removals stopped following the death of a journalist in the forest, but resumed on Monday, September 24. The German-speaking branch of the Anonymous hacktivist group, Anonymous Deutsche, released a YouTube video clip claiming responsibility for the DDoS attack against the company’s main site, and stated it would continue to attack the servers and bring down their web pages until the company stopped expansion into the Hambach Forest.
Recommendation: Hacktivist groups tend to use DDoS attacks as their main vector against businesses and government entities that they are not happy with. Understanding the socio-political context can help inform your organisation of potential threats, especially from hacktivist groups, and help mitigate those threats before they occur. Denial-of-service attacks can cost your company revenue because severe attacks can shut down online services for extended periods of time. In addition, the ability of threat actors to compromise vulnerable devices and to purchase DDoS-for-hire services is a continually evolving threat. Mitigation techniques vary depending on the specifics of the attack. Furthermore, a business continuity plan should be in place in the unfortunate case that your company is the target of a significant DDoS attack.