Russian Hackers Penetrate US Electrical Grid – Report

Blackout threat? Russian-linked hacking group has compromised networks of American electric utilities

Russian hackers have the potential to cause electrical blackouts in the United States, it has been reported.

This is because Russian-linked hackers last year apparently gained access to the networks of US electric utilities.

It comes after security firm Symantec warned last September of a resurgence in cyber attacks on European and US energy companies. It said the hackers are using “highly sophisticated attempts to control – or even sabotage – operational systems at energy facilities.”


Russian hackers

Symantec identified these hackers as Dragonfly (or Energetic Bear), a group first revealed to the world back in 2014 by Symantec and other researchers, after they had carried out a widespread campaign on a number of energy firms.

But now the Wall Street Journal, citing federal government officials, reported on Monday that this Russian state-sponsored group gained access to the networks of US electric utilities last year.

This could allow these hackers to cause blackouts, officials at the Department of Homeland Security reportedly said, and they warned that the campaign is likely continuing.

“They got to the point where they could have thrown switches” and disrupted power flows, Jonathan Homer, chief of industrial-control-system analysis for DHS, is quoted as saying.

Experts have been warning of this danger for some time now.

“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” Michael Carpenter, former deputy assistant secretary of defence, who now is a senior director at the Penn Biden Center at the University of Pennsylvania, told the WSJ. “They are waging a covert war on the West.”

Sophisticated attacks

The Dragonfly hackers used conventional tools such as spear-phishing emails and watering-hole attacks that trick victims into entering their passwords. They then gained access to the corporate networks of suppliers, which allowed them to steal credentials and gain access to utility networks, the Wall Street Journal reported.

The Department of Homeland Security did not respond to a request for comment, but the department is said to be searching for evidence of the Russians attempting to automate their attacks.

Investigators cited by the WSJ said it was not clear whether this was done by the hackers in preparation for a bigger future attack.

Since 2014, the Dragonfly hackers have largely maintained a low profile. That said, they have mostly been targeting businesses in the US, Spain, France, Italy, Germany, Turkey and Poland, and have managed to compromise industrial control systems (ICS) used to control sections of power plants.

Long campaign

The group itself is thought to have been in operation since at least 2011 and is based in Russia. It had initially targeted defence and aviation companies in the US and Canada before it moved its crosshairs over to energy firms.

But last year Symantec warned that the energy sector in Europe and North America is once again being targeted by a new wave of cyber attacks “that could provide attackers with the means to severely disrupt affected operations.”

The crippling nature of these attacks has been amply demonstrated by the widespread disruptions to Ukraine’s power system in 2015 and 2016.

Last July the National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

The US Department of Energy (DOE) has previously acknowledged those attacks, but said only administrative systems, and not industrial control systems, had been targeted.
