By Dustin Volz and Timothy Gardner
The Trump administration on Thursday blamed the Russian government for a campaign of cyber attacks stretching back at least two years that targeted the U.S. power grid, marking the first time the United States has publicly accused Moscow of hacking into American energy infrastructure.
Beginning in March 2016, or possibly earlier, Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a U.S. security alert published Thursday.
The Department of Homeland Security and FBI said in the alert that a “multi-stage intrusion campaign by Russian government cyber actors” had targeted the networks of small commercial facilities “where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” The alert did not name facilities or companies targeted.
The direct condemnation of Moscow represented an escalation in the Trump administration’s attempts to deter Russia’s aggression in cyberspace, after senior U.S. intelligence officials said in recent weeks the Kremlin believes it can launch hacking operations against the West with impunity.
It coincided with a decision Thursday by the U.S. Treasury Department to impose sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the 2016 U.S. presidential election and other malicious cyber attacks.
Russia in the past has denied it has tried to hack into other countries’ infrastructure, and vowed on Thursday to retaliate for the new sanctions.
‘UNPRECEDENTED AND EXTRAORDINARY’
U.S. security officials have long warned that the United States may be vulnerable to debilitating cyber attacks from hostile adversaries. It was not clear what impact the attacks had on the firms that were targeted.
But Thursday’s alert provided a link to an analysis by the U.S. cyber security firm Symantec last fall that said a group it had dubbed Dragonfly had targeted energy companies in the United States and Europe and in some cases broke into the core systems that control the companies’ operations.
Malicious email campaigns dating back to late 2015 were used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries, Symantec said at the time, though it did not name Russia as the culprit.
The decision by the United States to publicly attribute hacking attempts of American critical infrastructure was “unprecedented and extraordinary,” said Amit Yoran, a former U.S. official who founded DHS’s Computer Emergency Response Team.
“I have never seen anything like this,” said Yoran, now chief executive of the cyber firm Tenable.
A White House National Security Council spokesman did not respond when asked what specifically prompted the public blaming of Russia.
U.S. officials have historically been reluctant to call out such activity in part because the United States also spies on infrastructure in other parts of the world.
News of the hacking campaign targeting U.S. power companies first surfaced in June in a confidential alert to industry that described attacks on industrial firms, including nuclear plants, but did not attribute blame.
“People sort of suspected Russia was behind it, but today’s statement from the U.S. government carries a lot of weight,” said Ben Read, manager for cyber espionage analysis with cyber security company FireEye Inc.