The Department of Homeland Security (DHS) and the FBI have announced that hackers working at the behest of the Russian government are behind a campaign of cyberattacks against American infrastructure. The agencies’ report reveals that multiple attempts to compromise government entities and energy, nuclear, commercial, water, aviation, and critical manufacturing sectors have been taking place since at least March 2016.
Last September, security firm Symantec warned of a resurgence in energy sector attacks by a group of Kremlin-backed hackers known collectively as Dragonfly. In 2014, Symantec and a few other researchers exposed some of the group's activities, forcing it into a “quiet period.” The DHS and FBI wrote that the company's report “provides additional information about this ongoing campaign.”
Today’s alert reveals that the cyberattacks targeted two types of entities: staging targets and intended targets. The initial victims, the staging targets, are organizations linked to the hackers’ primary targets, such as third-party suppliers that have less secure networks. Their networks are used to plant malware and conduct spear phishing campaigns as a means of infiltrating the energy sector networks.
"After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally and collected information pertaining to industrial control systems," reads the report.
The alert does not name the companies targeted, but it does reveal that they are “small commercial facilities,” some of which are highly vulnerable as they still run older systems. It’s unclear how close the hackers came to gaining control of the systems, and whether the attacks are still ongoing.
The report arrived on the same day that the Treasury Department imposed sanctions against five Russian entities, including the notorious Internet Research Agency, and 19 individuals for attempting to interfere in the 2016 US election and their involvement in a number of cyberattacks, including the NotPetya ransomware incident.