Russian cyber operatives are attacking critical American infrastructure such as energy grids, nuclear facilities, aviation systems, and water processing plants, according to the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS). The report details numerous attempts, since at least March of 2016, where Russian cyber operatives targeted government entities and multiple US critical infrastructure sectors.
Cybersecurity researchers at Symantec first described the threat in a report last September, noting the malware may actually be linked to an earlier wave from 2014. Analysis by both the FBI and DHS then confirmed a group of “distinct indicators and behaviors” that ultimately singled out “Dragonfly,” a sophisticated group of hackers backed by the Kremlin.
Today’s report offers the first public confirmation by government officials that this type of infrastructure is, or at least was, under attack from foreign hackers.
FBI and DHS officials pinpointed two distinct categories of victims: staging and intended targets. For the initial attack, hackers often infiltrated trusted third-party suppliers for their intended marks. Knowing these targets often relied on less-secure networks than their final victim, the threat actors used them as a sort of trojan horse to plant malware that was actually intended for a much bigger target. These were then used as pivot points to activate the planted malware for use in compromising larger, more-secure networks.
Today’s report didn’t reveal who these marks were, at least not specifically. It did state, however, that the attacked locations were “small commercial facilities” and that these were coordinated and targeted, not random. These also happen to be some of the most vulnerable facilities to these types of attacks, with some running systems first deployed over a decade ago.
Symantec, in its report, warned that the hackers may have the capability to cause large-scale blackouts, although it too was unsure of the scale of the problem.
Accompanying the allegations today were new sanctions on Russia. The sanctions target at least three organizations and 13 individuals. Of those, perhaps the most recognizable is the Internet Research Agency, the so-called “troll farm” responsible for wreaking havoc on the 2016 Presidential election through its use of Facebook ads designed to exploit divisions in American politics.
The Russian Federal Security Service, a sort of military intelligence wing, also made the list.
We’ve reached out to the FBI and Symantec for additional commentary and will update this post as needed.