Russian hackers infiltrated US electric utilities last year and had the ability to cause widespread blackouts, the Department of Homeland Security said in a briefing on Monday.
Symantec first reported on a hacking campaign by the state-sponsored group Dragonfly targeting dozens of victims in the US energy sector in 2017.
But Monday marked the first time the DHS had provided detailed information about the incident in an unclassified setting, and it said the hack affected “hundreds of victims.”
The agency said attacks began in 2016 and continued through 2017, and DHS officials said the campaign was most likely still ongoing.
By first penetrating the networks of power companies’ trusted vendors, hackers for Dragonfly, also known as Energetic Bear, were able to access utility networks, The Wall Street Journal reported Monday, citing officials at the DHS.
Russians used email phishing scams and fake websites to gain access to corporate networks.
“They got to the point where they could have thrown switches” and caused power failures, said Jonathan Homer, the chief of industrial-control-system analysis for DHS.
Experts told The Journal it was unclear whether the attack was done in isolation or in preparation for a larger operation.
The DHS confirmation comes amid increasingly tense relations between Moscow and Washington. Earlier this month, 12 Russian intelligence agents were indicted in relation to the hacking of the Democratic National Committee before the 2016 US election.
You May Like This