- The Washington Times - Thursday, March 15, 2018

Russian government hackers have spent the last two years waging cyberattacks against U.S. government entities and multiple critical infrastructure sectors, the Trump administration said Thursday, marking the first time the White House has officially accused the Kremlin of attempting to breach its power grid amid rising tensions between Washington and Moscow.

Since March 2016, hackers working for the Russian government have targeted government entities and elements of the American energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors, the U.S. Department of Homeland Security and FBI warned in a technical alert.

“Russian government cyber actors […] targeted small commercial facilities’ networks where they staged malware, conducted spear-phishing and gained remote access into energy sector networks,” the alert said.

“After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally and collected information pertaining to Industrial Control Systems,” or ICS – instrumentation used in the operation of critical infrastructure facilities, the alert said.

Russian hackers successfully accessed workstations and servers containing ICS data in “multiple instances,” DHS and FBI acknowledged. It was not immediately clear to what extent any compromised data were exploited.

The malicious activity disclosed by U.S. officials this week was waged by the same sophisticated attack group described in a Sept. 2017 report published by Symantec, a U.S.-based cybersecurity firm, regarding a “highly experienced” threat actor its researchers dubbed “Dragonfly 2.0,” Thursday’s warning said.

“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation,” Eric Chien, technical director of Symantec’s Security Technology & Response Division, said when the initial report was released. “We’re now talking about on-the-ground technical evidence this could happen in the U.S., and there’s nothing left standing in the way except the motivation of some actor out in the world.”

The DHS issued an alert in October addressing the Dragonfly report, but only this week has the federal government publicly linked the group to Russia.

The Russian state-sponsored attempt to hack the U.S. energy grid is “long-term and still ongoing,” a senior U.S. national security official told reporters.

The U.S. Treasury cited the attacks in announcing new sanctions Thursday against several Russian nationals accused of “engaging in significant malicious cyber-enabled activities,” including six people accused of working for the GRU, a Russian military intelligence organization allegedly responsible for several suspected state-sponsored hacking operations, ranging from the attack on the 2016 U.S. presidential race to unleashing the debilitating NotPetya that crippled computer systems last year.

In late 2016, the Obama administration imposed sanctions on Russia after U.S. intelligence officials assessed that Moscow had meddled in that year’s White House race. President Trump has been reluctant to blame Russia for interfering in his election, however, notwithstanding other members of his administration being more vocal about Russia’s role.

“The administration is confronting and countering malign Russian cyber activity, including their attempted interference in U.S. elections, destructive cyber-attacks and intrusions targeting critical infrastructure,” Treasury Secretary Steven Mnuchin said Thursday in announcing the sanctions.

“These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia,” he said.

Russia intends to respond in kind, Deputy Foreign Minister Sergei Ryabkov said Thursday.

“We have already started working on our reciprocal measures,” Mr. Ryabkov said, state-owned media reported. “I believe further demonstrative, tough actions (on the part of the U.S.) are possible. We are ready for them.”

Russia has previously denied hacking U.S. targets.

Copyright © 2018 The Washington Times, LLC.
