On Thursday, the Trump administration accused the Russian government of conducting cyber attacks against the US power grid, including nuclear facilities. Bloomberg/Getty Images photo.
Russians gained access to US power grid through small commercial facilities
On Thursday, the Trump administration accused the Russian government of participating in a campaign of cyber attacks against the US power grid. The attacks date back at least two years and targeted a number of facilities, including nuclear operations.
“The administration is confronting and countering malign Russian cyberactivity, including their attempted interference in U.S. elections, destructive cyberattacks, and intrusions targeting critical infrastructure,” Treasury Secretary Steven Mnuchin said in a statement.
“These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia,” added Mnuchin.
Russian government hackers targeted US government entities and a number of critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing.
It is not clear at this time what impact the attacks had on American energy companies and industrial firms that were targeted by Russia.
According to a report by Reuters, the attacks began in March 2016, or possibly sooner, and news of the hacking campaign surfaced in June in a confidential alert to industry.
In July, news reports examined the targeting by hackers of the Wolf Creek Nuclear Operating Corp, the operator of a nuclear plant in Kansas.
At the time, the company said there was no operational impact at the facility. John Keeley, spokesman for the Nuclear Energy Institute, said, “There has been no successful cyber attack against any U.S. nuclear facility, including Wolf Creek.”
US cyber security firm Symantec reported last fall that a group it had named Dragonfly had targeted US and European energy companies. In some cases, the core systems that control the companies’ operations were successfully broken into.
The hackers were able to gain access to organizations in the US, Turkey and Switzerland back in late 2015 by using malicious e-mails, according to Symantec.
In the past, US security officials warned America’s energy infrastructure could be vulnerable to debilitating cyber attacks from hostile adversaries. Thursday’s condemnation by the Trump administration is the first time the US has publicly accused Russia of attempting to hack into the US energy grid.
In an alert issued by the Department of Homeland Security and the FBI, the agencies said a “multi-stage intrusion campaign by Russian government cyber actors” had targeted the networks of small commercial facilities “where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.”
The Russian campaign targeted engineers and technical staff who had access to industrial controls. This suggests that the hackers were looking to disrupt plant activities. However, Ben Read, manager for cyber espionage analysis with FireEye, a cyber security company, told Reuters the firm has no evidence that the hackers actually followed through with any such actions.
Read added that the hacking campaign was widely known in security and industrial circles prior to the Trump administration’s announcement on Thursday.
“People sort of suspected Russia was behind it, but today’s statement from the U.S. government carries a lot of weight,” Read said.
Russia has been widely blamed for two attacks on the energy grid in Ukraine in 2015 and 2016. In addition, the Treasury Department says Russia was involved in the NotPetya cyberattack that caused billions of dollars in damage in the United States, Europe and Asia in what the department called “the most destructive and costly cyberattack in history.”
Also on Thursday, the US Treasury Department announced it has imposed sanctions on Russian organizations and 19 Russian individuals, many of whom have been subpoenaed by special counsel Robert Mueller.
Organizations singled out for sanctions include Russia’s top intelligence services, the Federal Security Service (FSB) and the Main Intelligence Directorate (GRU). The two agencies, along with Russian troll farm the Internet Research Agency (IRA), are said to have been behind disinformation campaigns created to help Donald Trump win the 2016 election.
The IRA has been included in the Treasury sanctions.