Russian hackers infiltrated the control rooms of multiple electric utilities over the past year, gaining the ability to cause blackouts and grid disruptions, officials from the Department of Homeland Security said in a web briefing on Monday.
Officials from the Department of Homeland Security told the WSJ that hackers from the Russian group Dragonfly, also known as Energetic Bear, were able to infiltrate the networks of U.S. energy companies deeply enough to disrupt power service or cause blackouts.
Electric utilities are under constant attack from both independent and state-affiliated hackers, who have infiltrated power control systems in the U.S. and even disrupted the delivery of electricity in places like Ukraine.
"They got to the point where they could have thrown switches", Jonathan Homer, chief of industrial-control-system analysis for DHS, told the Journal. This allowed the hackers to gain access to the corporate networks before they could eventually break into the utility networks.
The hackers broke into supposedly secure networks owned by utilities with relative ease by first penetrating the networks of vendors who had trusted relationships with the power companies, the Journal reported. The aim of the break-in - to steal information or prepare for possible conflicts - remains unknown.
Jonathan Homer, chief of industrial-control-system analysis for DHS, said the hacking campaign started last year and is likely continuing.
The Journal reports the hacking group "vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled".
The DHS, meanwhile, has been warning utility executives about the group since 2014. Since that time, the number of victims has increased from dozens to hundreds. Other companies reportedly may still be unaware they were part of the breach because the hackers may have broken in using employee credentials. The hackers' goal was to disguise themselves as people regularly expected to manage these systems.
Michael Carpenter, former deputy assistant secretary of defense, said the hackers are "positioning themselves for a limited or widespread attack".