The United States has accused Russia of launching cyberattacks that allowed the Kremlin remote access into American nuclear power plants, water facilities, and other critical infrastructure, according to a joint report released Thursday by the Department of Homeland Security and the FBI.
Russian hackers installed malware on vital energy networks and conducted spear phishing operations to gain entry into U.S. computer systems operating a wide range of commercial facilities and nuclear plants, the report said.
Although the hackers didn’t inflict any physical damage, the report’s findings indicate that they had the capabilities to do so by manipulating control systems and shutting down power plants with relative ease.
“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” Eric Chien, a cybersecurity expert at Symantec, a digital security firm, told The New York Times. “From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation.”
Last October, Symantec detailed a group called “Dragonfly,” which the cybersecurity firm believes is behind ongoing cyberattacks against the U.S. energy sector.
Cybersecurity firms, including Symantec, fear the group of hackers intentionally avoided inflicting damage and instead infiltrated U.S. computer systems to gather intelligence that would lay the groundwork for future attacks.
A White House National Security Council spokesman did not respond when asked what specifically prompted the public blaming of Russia. U.S. officials have historically been reluctant to call out such activity in part because the United States also spies on infrastructure in other parts of the world.
News of the hacking campaign targeting U.S. power companies first surfaced in June in a confidential alert to industry that described attacks on industrial firms, including nuclear plants, but did not attribute blame.
“People sort of suspected Russia was behind it, but today’s statement from the U.S. government carries a lot of weight,” Ben Read, manager for cyber espionage analysis with cyber security company FireEye Inc. told CNBC.