Russia-backed hackers penetrated U.S. utilities

Hackers working for Russia last year gained access to some U.S. utilities where they could have caused blackouts, according to The Wall Street Journal. The long-running campaign by a state-sponsored group known as Dragonfly or Energetic Bear used phishing emails and spoof websites to penetrate the networks of key tech vendors that had trusted relationships with the power companies. From there the hackers stole credentials to gain access to the utilities. A Department of Homeland Security official said there were “hundreds of victims.”

“They got to the point where they could have thrown switches” and disrupted power flows, said Jonathan Homer, chief of industrial control system analysis for DHS. The Journal also quoted Michael Carpenter, former deputy assistant secretary of defense, saying the Russians are “positioning” themselves for an attack: “They are waging a covert war on the West.” Russia has denied targeting critical infrastructure. In 2017, security company Symantec reported that hackers had broken into systems of utility companies in North America over the past two years and speculated that Russia was involved. The Trump administration accused Moscow of the attacks in March.