U.S. blames Russia for cyber attacks on energy grid

The Trump administration on Friday blamed the Russian government for a campaign of cyber attacks stretching back at least two years that targeted the U.S. power grid, marking the first time the United States has publicly accused Moscow of hacking into American energy infrastructure.

Beginning in March 2016, or possibly earlier, Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a U.S. security alert published Thursday (March 15).

Thursday’s alert provided a link to an analysis by the U.S. cyber security firm Symantec last fall that said a group it had dubbed Dragonfly had targeted energy companies in the United States and Europe and in some cases broke into the core systems that control the companies’ operations.

Malicious email campaigns dating back to late 2015 were used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries, Symantec said at the time, though it did not name Russia as the culprit.

News of the hacking campaign targeting U.S. power companies first surfaced in June in a confidential alert to industry that described attacks on industrial firms, including nuclear plants, but did not attribute blame.

“This is actually the reference to the previous Dragonfly attacks that we talked about last year, basically,” said Eric Chien, technical director of Symantec’s Security Technology and Response division. “CERT (United States Computer Emergency Readiness Team) has basically released some additional indicators related to those attacks and the U.S. government has stated that Russia is actually behind those attacks and has implemented sanctions accordingly.”

The Department of Homeland Security and FBI said in the alert that a “multi-stage intrusion campaign by Russian government cyber actors” had targeted the networks of small commercial facilities “where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” The alert did not name facilities or companies targeted.

The direct condemnation of Moscow represented an escalation in the Trump administration’s attempts to deter Russia’s aggression in cyberspace, after senior U.S. intelligence officials said in recent weeks the Kremlin believes it can launch hacking operations against the West with impunity.

It coincided with a decision Thursday by the U.S. Treasury Department to impose sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the 2016 U.S. presidential election and other malicious cyber attacks. Russia in the past has denied it has tried to hack into other countries’ infrastructure, and vowed on Thursday to retaliate for the new sanctions.

Russian businessman Evgeny Prigozhin, one of those indicted by Mueller and hit with sanctions on Thursday, said in comments cited by RIA news agency that he already had been hit with U.S. sanctions “maybe three or four times – I’m tired of counting.”