The Cybersecurity and Infrastructure Security Agency releases a report detailing findings related to Russia’s massive infiltration of government agencies in 2016.
The Kremlin continues to operate its cyber intrusion, and it’s unclear if or when the breach is shut down before a larger attack hits in 2020.
Russian cyber actors at some point gained the ability to cause blackouts and grid disruptions. The full extent of Russia’s newfound capabilities may never be known, though. They breached hundreds of companies and government agencies and are still operating inside networks when the U.S. catches them in 2018.
Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors… The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks.Cybersecurity & Infrastructure Security Agency (CISA)
The cyber actors used these third-party networks to install their malware, which was eventually passed through to those third parties’ clients: U.S. government agencies.
The malware was able to create new administrator accounts on computer systems it touched, allowing the Kremlin to access and control programs and data.
The malware also impersonated email administrator accounts, giving the Kremlin access to all digital communications within an agency. It also provided access to user credentials — usernames, passwords, etc. — for all of the employees in the agencies Russia targeted.
Photo: Public Domain