Russian hackers broke into the networks of key U.S. electric utilities last year, possibly causing blackouts, The Wall Street Journal reported Monday.
The attack was first detected in the spring of 2016 and continued throughout 2017, the Journal reported, citing officials at the Department of Homeland Security.
It was carried out by hackers who worked for a Russian state-sponsored group previously known as Dragonfly or Energetic Bear, the Journal reported. DHS officials said the hacking campaign is likely to continue.
The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, “air-gapped” or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.
The attackers began by using conventional tools—spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites—to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity.
Some companies that were compromised may not yet know they have become victims of a Russian attack, according to the report. That’s because the hackers used the identities of actual employees to enter the utility networks, complicating efforts to detect the intrusions.
DHS is conducting the briefings—four are planned—hoping for more industry cooperation. One thing the agency is trying to learn is whether there are new infections, and whether the Russians have figured out ways to defeat security enhancements like multifactor authentication.
Since 2014, DHS has been warning utility companies about the possibility of being targeted by Russian hackers, according to the report.
Russia has denied targeting “critical infrastructure” in the U.S., the Journal said.