Russian hackers gained access to the US electric grid last year, which enabled them to cause widespread blackouts, Homeland Security officials said Monday, suggesting the invasion is continuing, having claimed “hundreds of victims,” The Wall Street Journal reported.
The state-sponsored hackers’ group, known as Dragonfly and Energetic Bear— believed to be sponsored by the Russian government—managed to break through the security of what was supposed to be the utilities’ isolated networks by first invading the networks of third-party vendors that trade with the power companies, the Department of Homeland Security told a Monday briefing for industry officials.
Once inside the vendors’ systems, the hackers stole their credentials to gain access to the supposedly isolated utilities.
“They got to the point where they could have thrown switches” to disrupt the power supply, Jonathan Homer, chief of industrial-control-system analysis for DHS, said.
In December 2015, Russian hackers launched a cyber attack that cut electricity to an estimated quarter-million Ukrainians. Since then, Ukraine has been the victim of a sustained cyberassault unlike any the world has ever seen, according to Wired. The Russian hacker army continued waves of attacks have systematically undermined Ukraine’s media, finance, transportation, military, politics, and energy, deleting data, destroying equipment, bringing entire organizations down to their knees.
“You can’t really find a space in Ukraine where there hasn’t been an attack,” Kenneth Geers, a NATO ambassador who focuses on cybersecurity, told Wired.
HLS officials told industry officials that some US companies still don’t not know they were compromised, since the hackers were using legitimate credentials of real employees to invade the utilities’ networks.
Michael Carpenter, former deputy assistant secretary of defense, who now is a senior director at the Penn Biden Center at the University of Pennsylvania, told the WJS: “They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack. They are waging a covert war on the West.”
In May 2017, President Donald Trump signed an executive order to improve the United States’ cybersecurity, following his January promise to develop a plan to improve US cybersecurity by his 90th day in office. Homeland Security adviser Tom Bossert previewed the order and said it was focused on three US cybersecurity priorities: protecting federal networks, critical infrastructure and the public online.
Perhaps they should pick up the speed while they still have electricity.