Russia Blamed For Attacks On US Power Grid Starting In 2016

The Trump administration has blamed the Russian government for a series of cyber attacks targeting American and European nuclear power plants and other critical utilities dating back at least two years – raising fears that the Kremlin could disrupt the West’s critical infrastructure in the event of a conflict. 

The hackers also targeted the overall energy sector, along with commercial facilities, aviation, manufacturing and the water supply, according to a U.S. security alert published Thursday. 

The Department of Homeland Security and FBI said in the alert that a “multi-stage intrusion campaign by Russian government cyber actors” had targeted the networks of small commercial facilities “where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” The alert did not name facilities or companies targeted. –Reuters

The report says that Russians used various hacking techniques, including spear-phishing emails, watering-hole domains, credential gathering and open-source and network reconnaissance.

Russian hackers made their way to machines with access to critical control systems at power plants that were not identified. The hackers never went so far as to sabotage or shut down the computer systems that guide the operations of the plants.

Still, new computer screenshots released by the Department of Homeland Security on Thursday made clear that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants. –NYT

“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, who added “From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation.”

The New York Times notes that “American officials and security firms, including Symantec and CrowdStrike, believe that Russian attacks on the Ukrainian power grid in 2015 and 2016 that left more than 200,000 citizens there in the dark are an ominous sign of what the Russian cyberstrikes may portend in the United States and Europe in the event of escalating hostilities.”

Meanwhile, Thursday’s announcement from DHS marks the first official claim that the Kremlin attacked the power grid.

It was the first time the administration officially named Russia as the perpetrator of the assaults. And it marked the third time in recent months that the White House, departing from its usual reluctance to publicly reveal intelligence, blamed foreign government forces for attacks on infrastructure in the United States. –NYT

Vikram Thakur of Symantec Security Response said that gaining access to networks tied to various segments of U.S. infrastructure is extremely difficult, adding that cyberattacks like the ones described in the DHS announcement have the potential to cause significant damage. 

“The only thing that holds an attacker back is political motivation,” Thakur told CNN, adding “Usually the bar for flipping the switch is extremely high.”

The announcement coincided with the U.S. Treasury Department’s Thursday decision to slap sanctions on 19 Russians and five groups – including the Kremlin’s intelligence services for meddling in the 2016 U.S. presidential election, along with various other cyber crimes. 

Russia has previously denied the charges. 

In December, 2016 the Washington Post erroneously reported  that Russian hackers had penetrated the electric grid in Vermont using malicious code associated with the hacking operation dubbed “Grizzly Steppe” by the Obama administration. WaPo corrected the story 48 hours later with the publication of a new article. 

Last July, however, the Department of Homeland Security reported that the Wolf Creek Nuclear Operating corp in Kansas had been targeted by hackers in one of several breaches of U.S. nuclear plants. Hackers were thought to be mapping out computer networks for future attacks, according to the Times. 

That said, there has been a fair amount of pushback against the administration’s claims of Russian hacking by both the Wolf Creek plant and the Nuclear Energy Institute.

Spokeswoman Jenny Hageman declined to say at the time if the plant had been hacked but said that there had been no operational impact to the plant because operational computer systems were separate from the corporate network. Hageman on Thursday said the company does not comment on security matters.

John Keeley, a spokesman for the industry group the Nuclear Energy Institute, said: “There has been no successful cyber attack against any U.S. nuclear facility, including Wolf Creek.” –Reuters

Meanwhile, watch out – China is beefing up their cyberweapons…