The US has been quietly planting malware throughout Russia’s energy networks in response to years of Russian attacks on its own power grid, the New York Times reported on Saturday.
Quoting officials interviewed over the last three months, the paper said that the latest moves represent a turning point in US policy on interfering with Russia’s electricity infrastructure. Under the Obama administration, the US had used reconnaissance tools to monitor Russia’s electricity control systems. The Trump administration has escalated this activity into an offensive campaign, placing software that could destabilise electrical services within Russia.
The move follows years of provocation by Russia, which has reportedly run recurring cyber campaigns against the US energy grid.
In March 2018, the Department of Homeland Security (DHS) and the FBI reported that Russian government hackers had been targeting US infrastructure including not just energy and nuclear facilities, but also the water, aviation and critical manufacturing sectors. The hackers would first compromise the targets’ trusted partner organisations, such as suppliers, and use them as staging grounds for attacks on the intended victims, the alert warned.
That report updated a similar warning in October 2017, although that one did not single Russia out for blame.
Most recently, security firm Dragos reported that Xenotime, the group behind the Triton (also known as Trisis) safety-system malware and thought to be linked to Moscow, has been probing US power networks in possible preparation for a future attack. It identified…
… a persistent pattern of activity attempting to gather information and enumerate network resources associated with US and Asia-Pacific electric utilities.
This behavior could indicate the activity group was preparing for a further cyberattack, or at minimum satisfying the prerequisites for a future ICS-focused intrusion.
Russian hackers were also thought to be behind separate attacks on the Ukrainian electrical grid in December 2015 and December 2016.
The news that the US has been seeding Russian power networks with malware follows moves by the Trump administration to loosen the reins on the Pentagon, freeing it up to take more offensive measures in cyberspace without explicit presidential approval. In August 2018, it rescinded Obama-era rules on cyberwarfare, removing a layer of inter-agency bureaucracy that stood in the way of launching offensive campaigns.
Then, a month later, the Department of Defense unveiled a new cyber strategy that authorised the military to launch cyberattacks on foreign nations without authorisation from the National Security Council.
This news may represent a new chapter in the US approach to aggressive Russian cyberwarfare tactics, but it isn’t the first time that the US has planned or mounted offensive cyber campaigns. Operation Olympic Games, the codename for the Stuxnet malware operation against Iran’s Natanz uranium enrichment facility, came to light in 2010 when the malware was discovered in the wild.
President Trump fired back at the New York Times on Saturday, calling the publication of the story an act of “virtual treason” and denying the report.