Russia Linked Hackers Attack Critical US Infrastructure

Electrical Grid
Why do hacking groups have such silly names? "Energetic Bear"? Really?

The Department of Homeland Security (DHS) is currently assessing reports that the US electrical infrastructure was attacked. Symantec, a leading cybersecurity firm, traced the security breach to a hacker organization called “Dragonfly.”

“Dragonfly” is one of innumerable hacking groups that regularly threaten the US; however, this group has ties to the Russian government and may have played a role in the hacking and destruction of Ukraine’s power grid in 2015 and 2016.

A spokesperson for the DHS confirmed that the department is aware of the problem and is actively working with the private sector to monitor the US energy grid for signs of damage. “We continue to coordinate with government and private sector partners to look into this activity and, through our National Cybersecurity and Communications Integration Center, we have released multiple information products to the critical infrastructure community to provide detection and response recommendations to help them secure their networks,” DHS spokesman Scott McConnell stated.

“As always, DHS supports critical infrastructure asset owners and operators who request assistance with intrusions or potential intrusions to their networks,” he added.

The Hill has reported that: “The FBI and DHS have previously linked the hacker group ‘Dragonfly,’ also known as ‘Energetic Bear,’ to malicious Russian cyber activity targeting the U.S. Symantec linked the newly revealed hacking campaign to Dragonfly based on the malware used by the hacking group in the past, but has not attributed the activity to a particular country.”

Concerningly, it seems that, even if this attack didn’t cause any catastrophic damage, it may be the precursor to a more devastating strike. Symantec issued a warning, explaining that “the Dragonfly 2.0 campaign shows how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems that could be used for more disruptive purposes in the future.”

“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation,” Eric Chien, technical director of Symantec’s Security Technology & Response Division, stated. “We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world,” he added.

Chien also noted, “This is the first time we’ve seen this scale, this aggressiveness, and this level of penetration in the US, for sure.”

“What’s most concerning is we now see them intruding on operational networks of energy companies,” he said, adding: “Before, we were talking about them being one step away, and what we see now is that they are potentially in those networks and are zero steps away. There are no more technical hurdles for them to jump over.”