The Homeland Security Department and the FBI have issued a joint alert stating that critical infrastructure is not safe from attack, and that hackers now have the ability to seize full control of American energy infrastructure.
The energy industry was notified on Saturday that the US government had detected sophisticated hacking attempts targeting powerful industrial control systems that run nuclear power plants and water supplies. Aviation control systems were also targeted in the attack.
The warning read, “DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector.”
An in-depth analysis of the malware used in this campaign and the indicators of all the compromised networks revealed that “this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign,” according to the alert.
The hackers behind these cyber-attacks have yet to be identified, but the attacks are of such complexity that state actors are the expected culprits.
DHS spokesman Scott McConnell said the joint alert “provides recommendations to prevent and mitigate malicious cyber activity targeting multiple sectors,” while also stressing the importance of the DHS commitment to remain vigilant against new threats.
Private security specialists claim that the cyber campaign against American infrastructure bore the hallmarks of Russian cyber-intrusion activities.
This detailed technical analysis of the cyber-crime campaign highlights the growing and imminent danger of foreign states’ efforts to map further networks that may control critical infrastructure, in preparation for future operations that could possibly shut down the electric grid and other infrastructure.
Adm. Mike Rogers, the Cyber Command commander and director of the National Security Agency, told Congress in May that he is concerned about foreign nations using these cyber-attacks against critical infrastructure that runs the electric grid, financial systems, communications networks, transportation systems, and other such systems.
“We assess that several countries, including Iran, have conducted disruptions or remote intrusions into critical infrastructure systems in the United States,” Rogers said in his statement.
Rogers says that the infiltrations may be early preparation for future attacks that are intended to harm American citizens.
In the worst-case scenario, a future cyber war may include the destruction of some critical infrastructure that may prove difficult to repair, and may cause mass casualties.
“The pace of international conflict and cyberspace threats has intensified over the past few years,” Rogers told the Senate Armed Services Committee. “We face a growing variety of advanced threats from actors who are operating with ever more sophistication and precision.”
“A large-scale cyber-attack on civilian critical infrastructure could cause chaos by disrupting the flow of electricity, money, communications, fuel, and water,” the Pentagon board said on the matter. “Thus far, we have only seen the virtual tip of the cyber-attack iceberg.”
“Russia and China have both been part of the problem to date, and could take this threat to the next level by using cyber in sustained campaigns to undermine U.S. economic growth, financial services and systems, political institutions (e.g., elections), and social cohesion,” the Pentagon report noted.
“This is very aggressive activity,” said Robert Lee, the chief executive of the cyber-security firm Dragos, who further commented that the report appeared to describe activities by hackers supporting Russian government interests.
“Historically, cyber threat actors have targeted the energy sector with various results, ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the notice issued from the DHS’s U.S. Computer Emergency Readiness Team said. “Historically, threat actors have also targeted other critical infrastructure sectors with similar campaigns.”
“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” Symantec said in a September report on the possible intrusion campaign.