Department of Homeland Security (DHS) officials said Russian hackers penetrated the control rooms of hundreds of U.S. utilities last year as part of a campaign against power company vendors that could be ongoing, The Wall Street Journal reported Monday.
DHS officials told the Journal that hackers, working for a state-sponsored group known as Dragonfly or Energetic Bear, were able to breach the networks of U.S. utilities to the point that they could have caused blackouts.
The hackers broke into utilities’ isolated networks by hacking networks belonging to third-party vendors that had relationships with the power companies, the Department of Homeland Security said in a press briefing on Monday.
“They got to the point where they could have thrown switches” said Jonathan Homer, chief of industrial-control-system analysis for DHS.
DHS did not reveal which companies were victimized by the hacks, but indicated there were hundreds affected by the security breach.
The Hill notes:
Other companies reportedly may still be unaware they were part of the breach because the hackers may have broke in using employee credentials.
The U.S. government had previously accused Russia of staging a multi-year cyberattack campaign against the energy grid and other elements of critical infrastructure in the United States. It said the effort dated back to at least early 2016, and focused on networks belonging to small commercial facilities with the goal of working up toward larger energy companies.
Cyberattacks on electrical systems aren’t an academic matter. In 2016, Ukraine’s grid was disrupted by cyberattacks attributed to Russia, which is engaged in territorial disputes with the country over eastern Ukraine and the Crimean peninsula. Russia has denied any involvement in targeting critical infrastructure.
From a 2016 CBS News report: