Persistence seems to be paying off for Russia as reports continue to surface about its efforts to penetrate US power grids. The Department of Homeland Security released information earlier this year about Russia’s invasive behavior, not once, but twice. This third time, the intelligence reports come from FireEye, headquartered in California with an office near Washington DC.
FireEye reports that US power grids have taken strong steps to protect themselves, following the North American Electric Reliability Corporation Critical Infrastructure Protection requirements for defense. These include network defense and segregation, two-factor authentication, strict access controls and more. But not all segments of the power grids currently meet these high standards, and Russian attackers are still finding ways in.
At this time, it’s still believed the objective is to spy and gather intelligence rather than to bring about a shutdown or blackout. But that’s no reason to take comfort or be complacent.
While it’s expected that other nation states, such as Iran and North Korea, could also be trying to gain access, Russia is the primary culprit found to be carrying out this behavior. The Russian group suspected of this effort goes by the name TEMP.Isotope and by the perhaps better-known names Dragonfly 2.0 and Energetic Bear. The group uses a combination of common hacking tools and methods along with a custom-built backdoor technique.
Clearly, the problem continues and should be taken with increasing seriousness, if not outright alarm. Perhaps even scarier, many believe the full extent of Russia’s infiltration of our electrical grids isn’t yet known.