Content, Breach, Channel markets, Vertical markets

Russian Cyber Attackers Could Have Shut Down U.S. Power Grid, DHS & FBI Say

Russian cyber attacks have surreptitiously gained access to U.S. and European critical infrastructure and could have shut down or crippled nuclear power plants and systems controlling water, electricity, aviation and commercial manufacturing, U.S. officials said in an alert on Thursday.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) termed the attacks as a “multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks.” The hackers installed malware, conducted spear phishing campaigns and made their way inside critical infrastructure networks, the report said. “After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS),” officials said.

U.S. intelligence has been aware of the attacks since 2015 but this marks the first official confirmation by the Trump Administration that Russian hackers have targeted facilities basic to the daily lives of hundreds of millions of people. So far there’s no visible evidence of damage to critical infrastructure facilities, reports said.

Initial targets of the hacks appear to be “trusted third-party suppliers with less secure networks,” the alert said. Those networks were used as “pivot points and malware repositories” to target the intended victims. The ultimate goal was to “compromise organizational networks,” the DHS and FBI said. Targets were deliberately chosen for their vulnerability, the alert said.

Last July, Bloomberg reported that cyber attackers working for an unidentified nation state had breached more than 12 U.S. power plants, including the Wolf Creek nuclear facility in Kansas. That discovery prompted widespread concern that the hackers were prepping for a larger assault on the U.S. electric grid, the report said. At the time, Russia was suspected of being behind the attacks.

In that and this invasion, Russia has signaled that it can break into and sabotage the U.S. electric grid at anytime, officials said. The attacks reportedly accelerated in mid-2015 and continued past President Trump’s inauguration, although there’s no apparent tie-in with the 2016 presidential elections.

U.S. government and commercial cyber security experts have previously warned that the U.S. is ill-prepared to detect and combat an attack on the electric grid and associated critical infrastructure controls. Last July, top U.S. security professionals said U.S. cyber defenses may not be able to withstand a withering security attack aimed at government and critical infrastructure targets. Within the next two years, hackers are likely to go after government agencies and vital industries such as utilities, health care facilities and financial services, they cautioned.

Last September, Security specialist Symantec presaged the DHS and FBI alert with news that a series of recent hacker attacks had compromised energy companies in the U.S. and Europe and resulted in the intruders gaining hands-on access to power grid operations—enough control that they could have induced blackouts on American soil at will. The campaign of attacks by a group called Dragonfly 2.0 aimed at dozens of energy companies in the spring and summer, Symantec said. In more than 20 cases, the hackers successfully gained access to the target companies’ networks.

Separately, FireEye said on Friday that it has tracked a series of escalating attacks on engineering and maritime facilities tied to a Chinese cyber espionage group dubbed Leviathan.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.