Attempts by hackers to break into the energy sector in the US and abroad have made headlines in recent months.
According to a report by the cybersecurity firm Symantec, hackers have now successfully infiltrated power grid controls in the US and Turkey, and gained access to systems “that could provide attackers with the means to severely disrupt affected operations,” the report reads.
The recent campaign of attacks was waged by a group Symantec is calling Dragonfly 2.0. The security firm did not link the hacking group to any nation-state actors, but noted that some of the code string in the malware used in the attacks was in Russian and French.
Russia has been linked to massive blackouts in Ukraine on two separate occasions.
The hacking group penetrated dozens of power companies in the US and beyond, according to Symantec security analyst Eric Chien.
“Out of [the dozens compromised] we’ve seen a handful where it’s clear that they’re [compromised] on the operational side,” Chien says. “This the most concerning part of what we found.”
Chien says that level of access on the operational side — access that hackers could use to cause massive power blackouts — is unprecedented in the US.
“We’re unaware of [hackers] getting this level of access on this scale,” Chien said. “We're not just talking about ... one organization, but multiple [hacked] organizations within the US.”
Symantec did not provide the names of companies affected, but Chien says his firm reached out to dozens of energy companies that may have been hit.
“Unfortunately remediation in this case isn't that simple. Typically you would just simply be imaging machines to remove the malicious software and sort of move on,” Chien said. “But in this case, the actors were going heavily after credentials so even if you do that, they still actually might have things like usernames and passwords and being able to get back into these systems.”