Group with Russian government links breached the US power grid
A leading cybersecurity firm has claimed a hacking group with alleged links to the Russian government breached the US power grid.
Symantec says the hacking group is nicknamed Dragonfly 2.0 and compromised more than a dozen American companies in recent months. The companies supply power to the US power grid and the hackers acquired high-level access.
The group, which has also gone by the nicknames of Crouching Yeti and Energetic Bear, attacked global energy companies from 2011 until 2014. Until recently the group had gone quiet after its tactics were publicly exposed.
“This is the first time we’ve seen this scale, this aggressiveness, and this level of penetration in the US, for sure,” Eric Chien, technical director of Symantec’s Security Technology & Response Division, told BuzzFeed News.
Russia is often accused of being linked to cyberattacks, but the tempo and severity appear to have increased in recent months. An investigation into Russian ties to meddling in the US presidential elections is still ongoing, and just today Facebook stoked concerns.
“In reviewing the ads buys, we have found approximately $100,000 in ad spending from June of 2015 to May of 2017 — associated with roughly 3,000 ads — that was connected to about 470 inauthentic accounts and Pages in violation of our policies,” wrote Alex Stamos, Chief Security Officer at Facebook, in an official statement. “Our analysis suggests these accounts and Pages were affiliated with one another and likely operated out of Russia.”
Attacks which compromise the power grid represent a step up in severity for cyberattacks. Turning off the power causes economic damage and could even cause loss of life in settings such as hospitals and traffic management systems.
Dragonfly has changed tactics somewhat and now attempts to cover its tracks by using public hacking tools. The group aims to gain high-level credentials for operating systems which, even after malware is removed, could allow the hackers to log back in whenever they’d like.
These attacks highlight once again the need for adequate cybersecurity protection and countermeasures.