According to Homeland Security officials, state-sponsored Russian hackers compromised US utility networks in a campaign affecting ‘hundreds’ of victims.
The Wall Street Journal cites officials from the DHS (Department of Homeland Security) claiming that hackers reached the point they ‘could have thrown switches’ to cause significant disruption.
Officials linked the hacks to a state-sponsored hacking group previously known as Dragonfly or Energetic Bear.
Back in June 2014, cybersecurity experts from Symantec released a white paper on Dragonfly/Energetic Bear. They noted the hackers appear to have been in operation since at least 2011 and compromised ‘a number of strategically important organizations.’
The group's initial focus was on defense and aviation companies in the US and Canada, before it shifted mainly to US and European energy firms in early 2013.
Symantec explains the group’s usual attack method:
“The first phase of Dragonfly’s attacks consisted of the group sending malware in phishing emails to personnel in target firms.
In the second phase, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in the energy sector in order to redirect them to websites hosting an exploit kit. The exploit kit in turn delivered malware to the victim’s computer.
The third phase of the campaign was the Trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers.”
The DHS says that systems were compromised using the credentials of actual employees, which is consistent with the methods Symantec has previously documented Dragonfly using to get into networks.
Because legitimate credentials were used, the DHS believes some companies may not even be aware they have been compromised. As such, the attack may be ongoing and the hackers may still have access to systems.
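A login with a valid password raises no failed-authentication alert, so hunting for this kind of intrusion means comparing each use of a credential against what is normal for that account. The following Python is an added example, not code from the original article, from Symantec or from the DHS: it baselines each user's source addresses and target hosts from their first few successful logins in a constructed sample log, then flags later successes that come from a new or non-corporate address, outside working hours, or onto a host the account has never reached before. The log lines, the 10.20.0.0/16 corporate range, the working-hours window and the host names are all assumptions made for the example.

```python
"""Flag suspicious use of valid credentials in a constructed authentication log."""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed sample authentication log (not real data). Fields per line:
# timestamp, user, source IP, target host, result.
SAMPLE_LOG = """\
2018-07-10T08:02:11 jdoe 10.20.1.15 hmi-ws01 success
2018-07-10T08:40:03 jdoe 10.20.1.15 hmi-ws01 success
2018-07-11T07:55:42 jdoe 10.20.1.15 historian success
2018-07-12T09:10:27 jdoe 10.20.1.15 hmi-ws01 success
2018-07-13T23:14:05 jdoe 203.0.113.45 hmi-ws01 success
2018-07-14T02:31:19 jdoe 203.0.113.45 ot-jump01 success
2018-07-10T09:15:00 asmith 10.20.1.22 historian success
2018-07-11T09:20:00 asmith 10.20.1.22 historian success
2018-07-14T10:05:00 asmith 10.20.1.22 historian failure
"""

# Assumptions for the example: the corporate address space and a working-hours window.
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
BUSINESS_HOURS = range(6, 20)   # 06:00-19:59 local time
BASELINE_EVENTS = 3             # first N successful logins per user define "normal"


def parse_log(text):
    """Parse whitespace-separated log lines into dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, host, result = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "src": ipaddress.ip_address(src),
            "host": host,
            "ok": result == "success",
        })
    return events


def is_corporate(addr):
    """True if the address falls inside one of the assumed corporate ranges."""
    return any(addr in net for net in CORPORATE_NETS)


def find_anomalous_logins(events):
    """Return findings for successful logins that deviate from a per-user baseline.

    The baseline for each user is the set of source IPs and target hosts seen in
    that user's first BASELINE_EVENTS successful logins. Later successes are
    flagged if they come from a new or non-corporate source, fall outside
    business hours, or reach a host the user has not touched before. Failed
    logins are ignored: the concern here is misuse of credentials that work.
    """
    by_user = defaultdict(list)
    for ev in events:
        if ev["ok"]:
            by_user[ev["user"]].append(ev)

    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        baseline, later = evs[:BASELINE_EVENTS], evs[BASELINE_EVENTS:]
        known_srcs = {e["src"] for e in baseline}
        known_hosts = {e["host"] for e in baseline}
        for ev in later:
            reasons = []
            if ev["src"] not in known_srcs:
                reasons.append("new_source_ip")
            if not is_corporate(ev["src"]):
                reasons.append("external_source")
            if ev["ts"].hour not in BUSINESS_HOURS:
                reasons.append("off_hours")
            if ev["host"] not in known_hosts:
                reasons.append("new_target_host")
            if reasons:
                findings.append({
                    "user": user,
                    "ts": ev["ts"].isoformat(),
                    "src": str(ev["src"]),
                    "host": ev["host"],
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in find_anomalous_logins(parse_log(SAMPLE_LOG)):
        print(f"{f['ts']} {f['user']} from {f['src']} -> {f['host']}: "
              f"{', '.join(f['reasons'])}")
```

Run against the sample, the check stays quiet on jdoe's fourth in-hours login from the usual workstation but flags the two late-night sessions from 203.0.113.45, the second of which is also the account's first ever login to the jump host. In a real environment the baseline would come from weeks of data rather than three events, and the corporate ranges and hours from the site's own inventory; the shape of the check is the same.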
Backdrop of Russian Hacking
Robert M. Lee, founder of the cybersecurity firm Dragos and formerly of the NSA, wrote a piece for Fortune last year titled ‘Hackers Got Into America’s Power Grid. But Don’t Freak Out.’
In his article, Lee called for the threats to be taken seriously, but not over-dramatised. He notes that America’s power grid is far more complex and resilient than, say, Ukraine’s, which suffered six hours of outages following a hack.
He says: “Disrupting a few power sites is easier than people would like to admit, but designing an attack to impact the grid in any considerable way is significantly challenging.”
The hacks of utility networks are set against a wider backdrop of state-sponsored Russian hacking allegations. Earlier this month, US President Donald Trump was criticised for his joint press conference in Helsinki, where he seemed to trust the word of Russian President Vladimir Putin over that of his own intelligence agencies with regard to interference in the US presidential elections.
When asked by a reporter if he believed Russia was responsible for the meddling, Trump responded: “I don’t see any reason why it would be.”
“I have great confidence in my intelligence people, but I will tell you that President Putin was extremely strong and powerful in his denial today.”
Trump has since claimed he misspoke during the summit and had meant to say “I don’t see any reason it wouldn’t be” while also seemingly undermining his own statement by adding “It could be other people also. There’s a lot of people out there.”
Critics were quick to suggest the context around the president’s quote indicates he said what he meant the first time.
What are your thoughts on the Russian hacks? Let us know in the comments.