Russian hackers have successfully infiltrated the control system rooms of U.S. electrical utilities, the Department of Homeland Security announced earlier this week.
Suspected hacking groups Dragonfly and Energetic Bear infiltrated their targets using common methods including spear-phishing and watering-hole attacks. They first targeted third-party vendors associated with the utilities, which they then leveraged to steal credentials and gain access to operating systems.
While the hackers’ methods were not exotic, the consequences have the potential at least to be quite severe, as seen when Ukraine’s electrical grid was disrupted in 2016–an incident that was also attributed to Russian state activity (in that case relating to the annexation of Crimea).
Utilities have always been a major Achilles Heel in cybersecurity circles because they are both an attractive and vulnerable target. Part of this stems from the fact that updating and securing systems at oftentimes outdated facilities using obsolete software is not always within reach budget-wise, but there is also an industry tendency for apathy in this area.
Dragonfly and Energetic Bear are thought to be affiliated with the Russian government, which targeted the U.S. elections in 2016. The Department of Homeland Security has declined to identify the targeted utilities, but the attacks are assumed to be ongoing and part of a multiyear campaign.
Read the Wall Street Journal’s initial report here.