Russian Hackers Penetrate US Electrical Grid – Report

Russian hackers have the potential to cause electrical blackouts in the United States, it has been reported.

This is because Russian-linked hackers last year apparently gained access to the networks of US electric utilities.

It comes after security firm Symantec warned last September of a resurgence in cyber attacks on European and US energy companies. It said the hackers are using “highly sophisticated attempts to control – or even sabotage – operational systems at energy facilities.”

Russian hackers

Symantec identified these hackers as Dragonfly (or Energetic Bear), a group first revealed to the world back in 2014 by Symantec and other researchers, after they had carried out a widespread campaign on a number of energy firms.

But now the Wall Street Journal, citing federal government officials, reported on Monday that this Russian state-sponsored group gained access to the networks of US electric utilities last year.

This could allow these hackers to cause blackouts, officials at the Department of Homeland Security reportedly said, and they warned that the campaign is likely continuing.

“They got to the point where they could have thrown switches” and disrupted power flows, Jonathan Homer, chief of industrial-control-system analysis for DHS, is quoted as saying.

Experts have been warning of this danger for some time now.

“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” Michael Carpenter, former deputy assistant secretary of defence, who now is a senior director at the Penn Biden Center at the University of Pennsylvania, told the WSJ. “They are waging a covert war on the West.”

Sophisticated attacks

The Dragonfly hackers used conventional tools such as spear-phishing emails and watering-hole attacks that trick victims into entering their passwords. They then gained access to the corporate networks of suppliers, which allowed them to steal credentials and gain access to utility networks, the Wall Street Journal reported.

The Department of Homeland Security did not respond to a request for comment, but the department is said to be searching for evidence of the Russians attempting to automate their attacks.

Investigators cited by the WSJ said it was not clear whether this was done by the hackers in preparation for a bigger future attack.

Since 2014, the Dragonfly hackers have largely maintained a low profile. That said, they have mostly been targeting businesses in the US, Spain, France, Italy, Germany, Turkey and Poland, and have managed to compromise industrial control systems (ICS) used to control sections of power plants.

Long campaign

The group itself is thought to have been in operation since at least 2011 and is based in Russia. It had initially targeted defence and aviation companies in the US and Canada before it moved its crosshairs over to energy firms.

But last year Symantec warned that the energy sector in Europe and North America is once again being targeted by a new wave of cyber attacks “that could provide attackers with the means to severely disrupt affected operations.”

The crippling nature of these attacks has been amply demonstrated by the widespread disruptions to Ukraine’s power system in 2015 and 2016.

Last July the National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

The US Department of Energy (DOE) has previously acknowledged those attacks, but said only administrative systems, and not industrial control systems, had been targeted.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
