Russia has been accused of running a two-year-long campaign of cyber-attacks against the US power grid.
The Trump administration said state-backed hackers launched assaults on the US electrical grid, marking the first time the United States has publicly accused Moscow of cracking into American energy infrastructure.
Beginning in March 2016, or possibly earlier, Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a US security alert published yesterday.
The Department of Homeland Security and FBI said a ‘multi-stage intrusion campaign by Russian government cyber actors’ had targeted the networks of small commercial facilities ‘where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.’
The alert did not name facilities or companies targeted.
The direct condemnation of Moscow represented an escalation in the Trump administration’s attempts to deter Russia’s aggression in cyberspace, after senior US intelligence officials said the Kremlin believes it can launch hacking operations against the West with impunity.
It coincided with a decision Thursday by the Treasury Department to impose sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the 2016 U.S. presidential election and other malicious cyber attacks.
Russia in the past has denied it has tried to hack into other countries’ infrastructure, and vowed on Thursday to retaliate for the new sanctions.
The decision by the United States to publicly blame Russia for attempting to hack American critical infrastructure was ‘unprecedented and extraordinary’, said Amit Yoran, a former U.S. official who founded DHS’s Computer Emergency Response Team.
‘I have never seen anything like this,’ said Yoran, who is chief executive of Tenable.
News of the hacking campaign targeting US power companies first surfaced in June in a confidential alert to industry that described attacks on industrial firms, including nuclear plants, but did not attribute blame.
“People sort of suspected Russia was behind it, but today’s statement from the U.S. government carries a lot of weight,” said Ben Read, manager for cyber espionage analysis with cybersecurity company FireEye.
The campaign targeted engineers and technical staff with access to industrial controls, suggesting the hackers were interested in disrupting operations, though FireEye has seen no evidence that they actually took that step, Read said.
A former senior DHS official familiar with the government response to the campaign told Reuters that Russia’s targeting of infrastructure networks dropped off after the publication in the fall of Symantec’s research and an October government alert, which detailed technical forensics about the hacking attempts but did not name Russia.
The official declined to say whether the campaign was still ongoing or provide specifics on which targets were breached, or how close hackers may have gotten to operational control systems.
‘We did not see them cross into the control networks,’ DHS cybersecurity official Rick Driggers told reporters at a dinner on Thursday evening.
It was not clear what Russia’s motive was. Many cybersecurity experts and former U.S. officials say such behavior is generally espionage-oriented with the potential, if needed, for sabotage.
Russia has shown a willingness to leverage access into energy networks for damaging effect in the past. Kremlin-linked hackers were widely blamed for two attacks on the Ukrainian energy grid in 2015 and 2016, which caused temporary blackouts for hundreds of thousands of customers and were considered first-of-their-kind assaults.