‘State hackers penetrated US energy company networks’

The US Department of Homeland Security warns that state hackers, allegedly working for the Russia-affiliated Dragonfly group, have penetrated the networks of US energy companies, The Wall Street Journal reports.

The newspaper writes that government officials said the group claimed “hundreds of victims.” The attackers could have penetrated control rooms, creating the potential to trigger power outages. The US Department is said to have organized a meeting on Monday in which it warned companies. For example, it said companies may not be aware that attackers are present in their networks.

The attacks are said to take place because the Dragonfly or Energetic Bear group is targeting small suppliers of the energy companies, who, for example, have special access to update software. They penetrated the networks of the suppliers using, among other things, targeted phishing attacks, in order to obtain login details. From there they would have focused on the energy networks.

They then looked for information, including about the configuration of the networks and what equipment is in use, an employee of the ministry told the newspaper. The goal would be to pretend to be ‘people who deal with these systems on a daily basis’. The ministry is looking for indications that the attacks are being carried out automatically. That would be the only way to scale up the attacks, the employee said.