Hackers linked to the Russian government have broken into energy companies supplying electricity to America’s power grid — and potentially now have the ability to cause major blackouts in the US.
Researchers at the American cybersecurity firm Symantec published a report on Wednesday that detailed how the group of hackers has waged a cyber espionage campaign that has broken into dozens of energy firms in the US, as well as in Turkey and Switzerland. The attacks date back to 2015, but the pace accelerated this spring.
“This is the first time we’ve seen this scale, this aggressiveness, and this level of penetration in the US, for sure,” Eric Chien, technical director of Symantec’s Security Technology & Response Division, told BuzzFeed News.
The hackers have tapped into the key operational networks of these energy companies, meaning that they could potentially control parts of the power grids that they supply. Those power grids provide electricity for millions of people.
Symantec said it believed that the hacking group was state-sponsored but didn’t specify which country it could be.
Yet we have a big clue: Symantec says that the group carrying out the attacks is Dragonfly — a hacking group which many cybersecurity firms, including CrowdStrike, believe to have ties to the Russian government. Dragonfly has carried out cyberattacks on the energy sector in various countries since 2011, and its operations appear to have picked up again after a dormant period a few years ago.
Text strings in the code of their hacks appear in both Russian and French, but the presence of either language could simply be intended to cloak the hackers’ true identity.
Department of Homeland Security spokesperson Scott McConnell told Vox that “DHS is aware of the report and is reviewing it. At this time there is no indication of a threat to public safety.”
Why the hacking campaign’s access is so dangerous
Foreign hackers have attempted to break into US energy companies that support the US power grid before. But Symantec says that no hacking group has gone quite this far — and it means that the power grid is more vulnerable than it’s ever been before.
“What’s most concerning is we now see them intruding on operational networks of energy companies,” Chien told Ars Technica’s Dan Goodin. “Before, we were talking about them being one step away, and what we see now is that they are potentially in those networks and are zero steps away. There are no more technical hurdles for them to jump over.”
As Goodin notes, the hackers’ access to and control of US energy companies’ operational networks means that hackers could remotely control their equipment, like circuit breakers.
In fact, hackers could potentially coordinate a shutdown of multiple energy suppliers plugged into the same power grid and cause millions of people to lose electricity. Any adversary of the US would undoubtedly consider that a potent weapon for use in some kind of war or terrorist attack.
Hackers have caused substantial power outages before. Cyberattacks on Ukraine’s power system in December 2015 cut off electricity for over 200,000 people outside Kiev for several hours.