Russian hackers gained access to American utility networks, exposing U.S. utility systems to a potential attack, the government said Monday. (Sean Gallup/Getty Images)
© 2024 Blaze Media LLC. All rights reserved.
Russian-state hackers infiltrated US utility networks, possibly caused blackouts, DHS official says
July 24, 2018
Russian-based hackers gained access to the control rooms of U.S. utility companies last year as part of a sophisticated, "long-running campaign," possibly causing blackouts. The hacking campaign was confirmed by officials with the Department of Homeland Security on Monday, according to the Wall Street Journal.
Officials said the cyberattack campaign likely remains ongoing.
What are the details?
The hackers, who worked for a state-sponsored hacking group known as Dragonfly or Energetic Bear, broke into allegedly secure utility networks by first exploiting the networks of companies who worked with the utility companies, the DHS said.
Jonathan Homer, chief of industrial-control-system analysis for DHS, said the cyberattacks began in the spring of 2016. There have been hundreds of "victims" since then, he said.
According to the WSJ, the attacks began through "spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites," sent to employees of utility vendor companies, many of which are smaller and lack sophisticated network security.
Once inside vendor networks, the hackers collected as much information about utility systems as possible, such as what equipment utility networks use, how equipment is controlled, and how networks are configured. They also sought to learn the daily ins-and-outs of the utility business, so they could innocuously disguise their attacks.
The goal of the Russian hackers, Homer said, was to disguise themselves as "the people who touch these systems on a daily basis."
The DHS first began warning American utility companies with security clearances about their vulnerabilities in 2014. The DHS's briefing Monday was the first of its kind in an unclassified setting. The DHS plans to hold additional meetings with utility executives, according to the WSJ, hoping for increased industry cooperation with the government.
How successful were the hackers?
The campaign was so successful that hackers managed to access utility control networks — and gained the ability to force disruptions.
"They got to the point where they could have thrown switches" to cause blackouts, Homer said, according to the WSJ.
Want to leave a tip?
We answer to you. Help keep our content free of advertisers and big tech censorship by leaving a tip today.
Want to join the conversation?
Already a subscriber?
Staff Writer
Chris Enloe is a staff writer for Blaze News
chrisenloe
more stories
Sign up for the Blaze newsletter
By signing up, you agree to our Privacy Policy and Terms of Use, and agree to receive content that may sometimes include advertisements. You may opt out at any time.
© 2024 Blaze Media LLC. All rights reserved.
Get the stories that matter most delivered directly to your inbox.
By signing up, you agree to our Privacy Policy and Terms of Use, and agree to receive content that may sometimes include advertisements. You may opt out at any time.