Russian hackers are ready to disrupt US energy utilities, says DHS

Remember the stark warning from the US Department of Homeland Security (DHS) earlier this year that the Russians were trying to hack the country’s energy grid?

According to comments made on the record by the Department’s chief of industrial-control-system analysis, Jonathan Homer, this campaign was a lot more serious than anyone has previously admitted.

Historically, warnings about alleged Russian attacks on US infrastructure have tended to be general in nature – aspiration as much as achievement – but Homer’s comments add details that seem designed to raise the anxiety level a couple of notches.

Homer says that from 2016 into this year, Russian hackers snared “hundreds of victims” in the utilities and equipment sectors, and “got to the point where they could have thrown switches” in a way that could have caused power blackouts. Predictably, these compromises started with phishing attacks, he said, before adding that the attackers had been sophisticated enough to jump air-gapped networks.

Some victim companies might even today be unaware that they were targeted, a curious admission by the official given that one of the DHS’s jobs would surely be to tell them.

None of this will surprise anyone who took the time to read through the DHS alert from March, which offered a blow-by-blow account of how these attackers have been targeting the energy sector right down to which password cracking tools they prefer.

The groups alleged to be behind all this are nicknamed Dragonfly and Energetic Bear – the activity of both of these groups has been well documented over the last four years.

It might look a little strange that someone from the DHS would want to draw public attention to a successful attack by one of these groups in a way that serves to advertise their capabilities. It could be that officials want to underscore private warnings that have been handed out to the energy sector and perhaps pave the way politically for even more investment in US cyber defence.

There are now regular stories about Russian attacks against all sorts of online systems, including a separate indictment of 12 Russians for the alleged leaking of DNC emails during the 2016 election.

More recently came an unusually technical warning about how a group called Grizzly Steppe was attempting to compromise home routers.

On the other hand, perhaps these warnings are a way of sending these groups – and their alleged nation state paymasters – the message that what they are trying to do is being looked at under the microscope, and generating the forensics to point the blame squarely at them won’t be as hard as they think.

Energy and utility infrastructure is vulnerable in every country, and that includes Russia of course. That some nations might want to understand how to exploit it is a certainty, but under what conditions they would try to disrupt utilities in a country such as the US usually ends up being an exercise in pointless speculation.

As the disruptive 2015 and 2016 attacks on Ukraine demonstrated, that’s already happened on a small scale. The question is if, when and how the attackers will try something much bigger.