Officials from the Department of Homeland Security (DHS) have told the Wall Street Journal (WSJ) that a group of Russian hackers compromised the networks of several power companies in the United States, gaining access to electric utilities' control rooms in a long-running campaign.
The officials told the WSJ that the breach, which has claimed "hundreds of victims," first surfaced in the spring of 2016, continued throughout last year, and could still be continuing.
"They got to the point where they could have thrown switches" to disrupt the flow of power, causing immediate blackouts, Jonathan Homer, the chief of industrial-control-system analysis for DHS, told the journal.
While Moscow has denied any role in the alleged attacks, federal officials have maintained that hackers belonging to a Russian state-sponsored cyber espionage group known as Dragonfly or Energetic Bear are behind the breach.
They said the group leveraged the relationship between U.S. power companies and the third-party vendors they had employed — for maintenance tasks like updating software or running diagnostics — to carry out the attack.
The vendors had special access to the secure electric utilities network, which the hackers infiltrated by using conventional mechanisms like phishing emails and watering-hole attacks — where spoofed websites are used to get a particular target to enter his credentials.
Once the employees of the vendors, most of which were low-budget companies, were caught in the trap, the hackers got into their corporate networks and stole the credentials used to reach the network that provides access to the electric utilities' control rooms. After getting in, they stole as much information as possible, learning about the systems and equipment in use as well as facility operations.
That said, it remains unclear whether this was a move aimed at striking a devastating blow to critical infrastructure in the future. "They've been intruding into our networks and are positioning themselves for a limited or widespread attack," Michael Carpenter, former deputy assistant secretary of defense, told the WSJ.
The report did not name the companies that were compromised in the breach but stated that many of them may still not know about the attack, because the legitimate credentials of their vendors were used to gain access to the utilities.
Now, the DHS is trying to collect more evidence regarding this breach. First, it hopes to determine whether there are new breaches in the critical infrastructure, and then it aims to establish whether the Russians have found a way to bypass its security mechanisms or automate their cyber-attacks.
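Because the attackers signed in with vendors' valid credentials, a password check alone would never have flagged them; what a utility can watch instead is whether a vendor account is used from the networks and during the hours its maintenance contract allows. The following is an added example (not code from the article or from DHS) that runs that check over constructed remote-access gateway log lines; the log format, the account names and the per-vendor baseline are all assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample lines (not real data) from a utility's remote-access gateway:
# each is one login attempt by a third-party maintenance vendor's account.
SAMPLE_LOG = """\
2017-03-06T14:02:11Z user=acme-maint src=198.51.100.20 result=success
2017-03-06T23:41:05Z user=acme-maint src=198.51.100.20 result=success
2017-03-07T10:15:42Z user=acme-maint src=203.0.113.77 result=success
2017-03-07T10:16:03Z user=diag-vendor src=192.0.2.9 result=failure
2017-03-07T10:16:40Z user=diag-vendor src=192.0.2.9 result=success
"""

# Hypothetical per-vendor baseline from its maintenance contract: source networks and UTC hours [start, end).
VENDOR_BASELINE = {
    "acme-maint": {"networks": ["198.51.100.0/24"], "hours": (8, 18)},
    "diag-vendor": {"networks": ["192.0.2.0/24"], "hours": (8, 18)},
}

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")

def parse_line(line):
    """Parse one gateway log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["src"] = ipaddress.ip_address(rec["src"])
    return rec

def flag_vendor_logins(log_text, baseline):
    """Return (timestamp, user, reason) for successful logins that deviate from the vendor baseline."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] != "success":
            continue  # a stolen password still authenticates, so failures are not the signal
        profile = baseline.get(rec["user"])
        if profile is None:
            findings.append((rec["ts"], rec["user"], "no contract baseline for account"))
            continue
        if not any(rec["src"] in ipaddress.ip_network(n) for n in profile["networks"]):
            findings.append((rec["ts"], rec["user"], "source outside contracted networks"))
        start, end = profile["hours"]
        if not start <= rec["ts"].hour < end:
            findings.append((rec["ts"], rec["user"], "login outside maintenance window"))
    return findings
```

On the sample above, the two successful acme-maint logins at 23:41 UTC and from 203.0.113.77 are flagged, while the in-window, in-network logins pass silently.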
Cyber-attacks on networks and organizations tied to critical infrastructure, like the one in this case, have increased drastically over the last few years, mainly because of their outdated software systems. Just last month, hackers working for the Chinese government reportedly stole more than 600GB of highly sensitive data from a contractor working for the U.S. Navy.