Hackers Attack Basic U.S. Services

News  |  Mar 15, 2018

When the Treasury Department announced it finally was implementing sanctions on Russia for election interference, it also said the move was punishment for cyberattacks on U.S. infrastructure. 

Bloomberg Politics

Russian hackers are conducting a broad assault on the U.S. electric grid, water processing plants, air transportation facilities and other targets in rolling attacks on some of the country’s most sensitive infrastructure, U.S. government officials said Thursday.

The announcement was the first official confirmation that Russian hackers have taken aim at facilities on which hundreds of millions of Americans depend for basic services. Bloomberg News reported in July that Russian hackers had breached more than a dozen power plants in seven states, an aggressive campaign that has since expanded to dozens of states, according to a person familiar with the investigation.

NYT:

“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, a digital security firm.

“From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation,” Mr. Chien said.

A joint alert from the Department of Homeland Security and the FBI says hackers have been targeting U.S. facilities since March 2016 and explains how the Russian operation works.

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

The alert says the Russian campaign "has affected multiple organizations in the energy, nuclear, water, aviation, construction, and critical manufacturing sectors" and offers "detection and prevention guidelines" for network users and administrators. 

NYT:

The groups that conducted the energy attacks, which are linked to Russian intelligence agencies, appear to be different from the two hacking groups that were involved in the election interference.

That would suggest that at least three separate Russian cyberoperations were underway simultaneously. One focused on stealing documents from the Democratic National Committee and other political groups. Another, by a St. Petersburg “troll farm” known as the Internet Research Agency, used social media to sow discord and division. A third effort sought to burrow into the infrastructure of American and European nations.

(...)

Russian cyberattacks surged last year, starting three months after Mr. Trump took office.

American officials and private cybersecurity experts uncovered a series of Russian attacks aimed at the energy, water and aviation sectors and critical manufacturing, including nuclear plants, in the United States and Europe. In its urgent report in June, the Department of Homeland Security and the F.B.I. notified operators about the attacks but stopped short of identifying Russia as the culprit.

By then, Russian spies had compromised the business networks of several American energy, water and nuclear plants, mapping out their corporate structures and computer networks.

(...)

In an updated warning to utility companies on Thursday, Homeland Security officials included a screenshot taken by Russian operatives that proved they could now gain access to their victims’ critical controls.

 


Reuters

Russia has shown a willingness to leverage access into energy networks for damaging effect in the past. Kremlin-linked hackers were widely blamed for two attacks on the Ukrainian energy grid in 2015 and 2016, that caused temporary blackouts for hundreds of thousands of customers and were considered first-of-their-kind assaults.

Senator Maria Cantwell, the top Democrat on the Senate Energy and Natural Resources Committee, asked the Trump administration earlier this month to provide a threat assessment gauging Russian capabilities to breach the U.S. electric grid. 

It was the third time Cantwell and other senators had asked for such a review. The administration has not yet responded, a spokesman for Cantwell’s office said on Thursday.

The big problem the U.S. now faces is figuring out how to respond to and stop these Russian hacks.

NYT:

Lt. Gen. Paul Nakasone, who has been nominated as director of the National Security Agency and commander of United States Cyber Command, the military’s cyberunit, said during his Senate confirmation hearing this month that countries attacking the United States so far have little to worry about.

“I would say right now they do not think much will happen to them,” General Nakasone said. He later added: “They don’t fear us.”

 

Russian Hackers Attacking U.S. Power Grid and Aviation, FBI Warns (Bloomberg Politics)

Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says (NYT)

In a first, U.S. blames Russia for cyber attacks on energy grid (Reuters)

Treasury Sanctions Russian Cyber Actors for Interference with the 2016 U.S. Elections and Malicious Cyber-Attacks (Treasury)

Russian Government Cyber Activity targeting Energy and Other Critical Infrastructure Sectors (US-CERT alert)