US Blames Russia For Energy Grid Attacks

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe.

United States officials have for the first time publicly blamed the Russian government for two years of cyber attacks on the US power grid.

The United States has for the first time publicly accused Russia of hacking attacks against the American power grid.

The accusation was made by the Department of Homeland Security and the FBI in a security alert. They said that since 2016 a “multi-stage intrusion campaign by Russian government cyber actors” had been carried out.

Russia is becoming increasingly isolated after its government was accused earlier this week of carrying out an attack using military grade nerve agent on British sovereign territory in Salisbury.

Grid hacks

And it is not just the US electricity grid being targeted by Russian hackers. The hackers have also been targeting the energy, nuclear, commercial, water, aviation, and critical manufacturing sectors.

“Since at least March 2016, Russian government cyber actors – hereafter referred to as ‘threat actors’ – targeted government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” said the CERT alert.

“This campaign comprises two distinct categories of victims: staging and intended targets,” the alert read. “The initial victims are peripheral organisations such as trusted third-party suppliers with less secure networks, referred to as ‘staging targets’ throughout this alert.”

“The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims,” it said. “NCCIC and FBI judge the ultimate objective of the actors is to compromise organisational networks, also referred to as the ‘intended target.’”

The Russian hackers typically used spear-phishing emails and watering-hole domains to gain access to individuals or companies that were peripherally related to their primary targets.

The hackers then apparently used those compromised systems to lure industrial control systems personnel (engineers and technical staff) with malware-loaded Word docs disguised as legitimate résumés, invitations, and policy documents.

Dragonfly group

This is the first time that these agencies, under the Trump administration, have publicly named the Russian government as being behind these attacks.

It comes after security firm Symantec last year warned of a resurgence in cyber attacks on European and US energy companies, which could result in widespread power outages.

Symantec said last September that the hackers were using “highly sophisticated attempts to control – or even sabotage – operational systems at energy facilities.”

The hackers, known as Dragonfly (or Energetic Bear), were first revealed to the world back in 2014 by Symantec and other researchers, after they had carried out a widespread campaign on a number of energy firms.

The crippling nature of these attacks has been amply demonstrated by the widespread disruptions to Ukraine’s power system in 2015 and 2016.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Those attacks are “likely” to have compromised some industrial control systems in the UK, the NCSC warned.

Unprecedented attacks

The US Department of Energy (DOE) has previously acknowledged those attacks, but said only administrative systems, and not industrial control systems, had been targeted.

The decision by the United States to publicly attribute hacking attempts against American critical infrastructure was “unprecedented and extraordinary”, Amit Yoran, a former US official who founded DHS’s Computer Emergency Response Team, told Reuters.

“I have never seen anything like this,” said Yoran, now chief executive of the cyber firm Tenable.

“People sort of suspected Russia was behind it, but today’s statement from the US government carries a lot of weight,” Ben Read, manager for cyber espionage analysis with cyber security company FireEye, was also quoted as saying.
