As more and more keeps coming out about where evidence of Russian hacking has appeared, the true extent of these state-sponsored security breaches becomes more and more appalling. Now, cybersecurity researchers claim that Russians have hacked multiple U.S. power companies, with the numbers perhaps reaching up into the dozens. While there have not been any attacks on the power grid at this point that anyone is aware of, cybersecurity firm Symantec contends that hackers have obtained an unprecedented level of access to the companies that the U.S. relies on for power.
“This is the first time we’ve seen this scale, this aggressiveness, and this level of penetration in the US, for sure,” said Eric Chien, technical director of Symantec’s Security Technology & Response Division, speaking with Buzzfeed News. While Symantec did not directly connect the series of attacks to Russia, they did conclude that the hacking was state-sponsored, and that a group called Dragonfly 2.0 carried it out. Other cybersecurity firms have linked Dragonfly 2.0 to Russia, however.
While hacks into energy companies are not unheard of, they haven't dominated the news cycles in the same way that hacks into political and business networks have. However, malicious actors gaining access to companies that control power sources in a given country can have detrimental effects.
One hack into Ukraine's power grid in 2015, for example, left over 230,000 without power when hackers switched off about 30 substations across the Ivano-Frankivsk region of Western Ukraine. While this attack was never directly tied back to Russia, they are among the main suspects. It doesn't appear as though Dragonfly 2.0 also carried out this attack, but they do have a similar plan of attack. In both of these cases, the attackers have aimed to get high level credentials through various hacking strategies in order to actually gain access to the power grid.
If attackers actually get these credentials, BuzzFeed reports, they can theoretically seize control of operators' computers remotely, boot off the actual operators, and then cause, for example, a power outage or a power surge. The only way to prevent this is for the companies to change their login credentials and remove all malware that the hackers may have installed, but companies don't always know to do that in time.
Before you start worrying, though, the Department of Homeland Security told Buzzfeed News that they had not found any evidence of a threat to the public. “As always, DHS supports critical infrastructure asset owners and operators who request assistance with intrusions or potential intrusions to their networks,” DHS spokesman Scott McConnell said to BuzzFeed News. No matter what you believe about Russia hacking the 2016 U.S. election or what kind of an adversary the country actually is, news like this is yet more proof that they pose a threat to be taken very seriously.