Russian Hacking Campaign Targeting U.S. Electric Utilities

Homeland security officials said that individuals working for Russia are currently targeting electric utilities located in the United States.

The Department of Homeland Security told The Wall Street Journal that persons working for a state-sponsored hacking group called “Dragonfly” or “Energetic Bear” compromised “hundreds of victims” in 2017. They did so through the use of spear-phishing techniques and watering hole attacks designed to steal users’ passwords. With those credentials, they gained access to the networks of suppliers of many U.S. electric utilities. They then stole information that allowed them to infiltrate the utilities themselves. Once inside, they reportedly had the ability to cause blackouts, meaning they would have had access to the control centers themselves.

“They got to the point where they could have thrown switches” said Jonathan Homer, chief of industrial-control-system analysis for DHS.

But Robert M. Lee, CEO and Founder of the industrial cyber security company Dragos, Inc., said on Twitter that some of the language used by the DHS to describe the campaign is misleading.

And language such as “throwing switches” and noting it would cause “black outs” is in no way representative of what was seen in these intrusions. In these cases the adversary was taking screenshots of HMIs.

— Robert M. Lee (@RobertMLee) July 24, 2018

This isn’t the first time homeland security officials warned of Russian actors targeting power companies. In March 2018, DHS and the Federal Bureau of Investigation (FBI) publicly blamed Russia for attempting to hack U.S. energy infrastructure. They said that campaign also attempted to compromise suppliers’ networks before hacking into the power companies themselves.

Investigators cited by The Wall Street Journal said it’s unclear whether Dragonfly conducted this latest campaign in preparation for a larger attack. As a result, DHS said it intends to hold four briefings (Read more...)