Monday, November 18, 2019
  • Pew Survey: America Worries About Privacy (But Won’t Do Anything About It)
  • Ointment, Fly Therein
  • National Cybersecurity Awareness Month Is Over, Long Live Cybersecurity Awareness
  • 5G & IoT: Real-World Rollouts Launch New Opportunities and Security Threats
  • Derbycon2019, Tracy Z. Maleeff’s ‘Empathy As A Service To Create A Culture Of Security’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Russian Hacking Campaign Targeting U.S. Electric Utilities

Russian Hacking Campaign Targeting U.S. Electric Utilities

by David Bisson on July 24, 2018

Homeland security officials said that individuals working for Russia are currently targeting electric utilities located in the United States.

The Department of Homeland Security told The Wall Street Journal that persons working for a state-sponsored hacking group called “Dragonfly” or “Energetic Bear” compromised “hundreds of victims” in 2017. They did so through the use of spear-phishing techniques and watering hole attacks designed to steal users’ passwords. With those credentials, they gained access to the networks of suppliers of many U.S. electric utilities. They then stole information that allowed them to infiltrate the utilities themselves. Once inside, they reportedly had the ability to cause blackouts, meaning they would have had access to the control centers themselves.

“They got to the point where they could have thrown switches” said Jonathan Homer, chief of industrial-control-system analysis for DHS.

But Robert M. Lee, CEO and Founder of the industrial cyber security company Dragos, Inc., said on Twitter that some of the language used by the DHS to describe the campaign is misleading.

And language such as “throwing switches” and noting it would cause “black outs” is in no way representative of what was seen in these intrusions. In these cases the adversary was taking screenshots of HMIs.

— Robert M. Lee (@RobertMLee) July 24, 2018

This isn’t the first time homeland security officials warned of Russian actors targeting power companies. In March 2018, DHS and the Federal Bureau of Investigation (FBI) publicly blamed Russia for attempting to hack U.S. energy infrastructure. They said that campaign also attempted to compromise suppliers’ networks before hacking into the power companies themselves.

Investigators cited by The Wall Street Journal said it’s unclear whether Dragonfly conducted this latest campaign in preparation for a larger attack. As a result, DHS said it intends to hold four briefings (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/off-topic/russian-hacking-campaign-targeting-u-s-electric-utilities/

July 24, 2018July 24, 2018 David Bisson electric, Hacking, Off Topic, Russia
  • ← UK university domains spoofed in massive fraud campaign targeting suppliers
  • Hackers breach Singapore’s largest healthcare provider; steal records of 1.5 million patients, including the Prime Minister →
Featured Blog

Enzoic

Firm Cybersecurity: Professional Services Firms are Vulnerable Targets

Enzoic

Automate Password Policy & NIST Password Guidelines

Enzoic

Why Biometric Authentication is Just Part of the Security Puzzle

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Network Infrastructure Security: An Underserved Market
TPM-FAIL: Intel and STMicro ‘Fix’ 26-Year-Old Vulnerability
Report: Retail Sector Under Cybersecurity Siege
Phishing Increasingly Targets SaaS, Webmail
1Password Secures $200M in Series A Funding, Heads for the Enterprise
Mitigating Risk and High-Risk Vulnerabilities in Unsupported Operating Systems: BlueKeep Edition
Active Office 365 Phishing Campaign Targeting Admin Credentials
For autonomous vehicles, there’s a difference between security and safety: part I
Self-Sovereign Identity: A Distant Dream or an Immediate Possibility?
Aligning SECaaS with Your Organization’s Cloud Security Needs

Upcoming Webinars

Tue 19

SAP Concur’s Cloud Journey

November 19 @ 1:00 pm - 2:00 pm
Dec 09

Cloud Security – Keeping Serverless Data Safe

December 9 @ 11:00 am - 12:00 pm
Dec 10

Securing Mobile Apps, From the Inside Out

December 10 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Open Source Security: Weighing the Pros and Cons

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Security Threats Are Swamping IT
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Security Threats Are Swamping IT

November 18, 2019 Eric Williams | Yesterday 0
Phishing Increasingly Targets SaaS, Webmail
Cybersecurity Industry Spotlight Security Boulevard (Original) Social Engineering 

Phishing Increasingly Targets SaaS, Webmail

November 15, 2019 Dean Coclin | 3 days ago 0
Network Infrastructure Security: An Underserved Market
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Network Infrastructure Security: An Underserved Market

November 14, 2019 Thomas Carnevale | 4 days ago 0

Top Stories

Pew Survey: America Worries About Privacy (But Won’t Do Anything About It)
Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance News Security Awareness Security Boulevard (Original) Spotlight Threats & Breaches 

Pew Survey: America Worries About Privacy (But Won’t Do Anything About It)

November 18, 2019 Richi Jennings | Yesterday 0
Report: Retail Sector Under Cybersecurity Siege
Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

Report: Retail Sector Under Cybersecurity Siege

November 15, 2019 Michael Vizard | 3 days ago 0
1Password Secures $200M in Series A Funding, Heads for the Enterprise
Cybersecurity Featured Identity & Access News Security Boulevard (Original) Spotlight 

1Password Secures $200M in Series A Funding, Heads for the Enterprise

November 15, 2019 Frank Ohlhorst | 3 days ago 0

Security Humor

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics .

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics ‘SIGINT Analyst’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.