The US has been quietly planting malware throughout Russia’s energy networks in response to years of Russian attacks on its own power grid, the New York Times reported on Saturday.
Quoting officials interviewed over the last three months, the paper said that the latest moves represent a turning point for the US policy on interfering with Russia’s electricity infrastructure. Under the Obama administration, the US had used reconnaissance tools to monitor Russia’s electricity control systems. The Trump administration has escalated this activity to an offensive campaign, placing software that could destabilise electrical services within Russia.
The move follows years of provocation by Russia, which has reportedly run recurring cybercampaigns targeting the US energy grid.
In March 2019, the Department of Homeland Security (DHS) reported that Russian hackers had been targeting US infrastructure including not just energy and nuclear facilities, but also water, aviation, and critical manufacturing sectors. The hackers would infiltrate the targets’ trusted partner organizations and use them as staging grounds for their attacks, the report warned.
That report updated a similar warning in October 2017, although that one did not single Russia out for blame.
Most recently, security firm Dragos alleged that Xenotime, a hacking group thought to be linked to Moscow, has been using its Triton (also known as Trisys) malware to explore US power networks in possible preparation for a future attack. It identified…
… a persistent pattern of activity attempting to gather information and enumerate network resources associated with US and Asia-Pacific electric utilities.
This behavior could indicate the activity group was preparing for a further cyberattack, or at minimum satisfying the prerequisites for a future ICS-focused intrusion.
Russian hackers were also thought to be behind separate attacks on the Ukranian electrical grid in 2015 and 2017.
The news that the US has been seeding Russian power networks with malware follows moves by the Trump administration to loosen the reins on the Pentagon, freeing it up to take more offensive measures in cyberspace without explicit presidential approval. Last August, it rolled back Obama-era rules on cyberwarfare, removing a layer of inter-agency bureaucracy that stood in the way of launching offensive campaigns.
Then, a month later, the Department of Defense unveiled a new cyber strategy that authorized the military to launch cyberattacks on foreign nations without authorisation from the National Security Council.
This news may represent a new chapter for the US in its approach to aggressive Russian cyberwarfare tactics, but it isn’t the first time that the US has planned or mounted offensive cyber campaigns. In 2010, it carried out Operation Olympic Games, the codename for the Stuxnet malware operation against Iran’s Natanz nuclear enrichment facility.
President Trump fired back at the New York Times on Saturday, calling the publication of the story an act of “virtual treason” and denying the report.
5 comments on “The US is reportedly seeding Russia’s power grid with malware”
I would like to see some evidence before believing anything along these lines. There is so much ‘misinformation’ available that I think it could be any foreign state responsible. Goodness knows there is no lack of suspects.
I agree. The mainstream media (especially NYTimes) has so many agendas, and gets things wrong so often, I never trust them at face value. I want to see some concrete evidence – period. If they aren’t going to provide solid evidence, what was the purpose of their article? To cause panic among public discourse and foreign relations?
This article had 6 comments. Now there is 2. Censorship on a computer blog?
The comments on Naked Security are moderated by humans. This is a time consuming task but we think it’s an essential part of maintaining a high quality discussion – it’s why the comments sections on our articles are generally worth reading, IMO, and why we’ve not had to turn them off as so many publications have.
We err on the side of publishing, and we publish almost every comment, but a comment is not guaranteed to appear just because somebody wrote it.