Russian state hackers start breaching U.S. power grid and other utilities

Dates on Trump File reflect when something happens, not when it's first reported.

Sometime in or before March, the Russian government begins launching cyber attacks against the U.S. energy, water, and manufacturing sectors.

Russian cyber actors at some point gain the ability to cause blackouts and grid disruptions. The full extent of Russia’s newfound capabilities may never be known, though. They breached hundreds of companies and government agencies and are still operating inside networks when the U.S. catches them in 2018.

Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors… The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks.

Cybersecurity & Infrastructure Security Agency (CISA)

The cyber actors use these third-party networks to install their malware, which is eventually passed through to those third parties’ clients: U.S. government agencies.

The malware has multiple uses, but one identified use is that it creates new administrator accounts on computer systems it touches, letting the Kremlin access and control programs and data.

Another function of the malware is that it can impersonate an email administrator account, giving the Kremlin access to all digital communications within an agency. They are also able to tap into user credentials — usernames, passwords, etc. — for all of the employees in the agencies they target.

A similar cyber infiltration from Russia hits U.S. agencies in 2020, but its reach is far greater than the 2016 hack.

James Lewis, a cybersecurity expert and vice president of the Center for Strategic and International Studies, tells NPR this kind of attack has happened before.

“The Russians have been doing this for years,” Lewis said. “The change is that the U.S. government came out and said the Russians hacked the utilities.”

NPR

It’s unclear if we ever remove the malware. However, the U.S. does insert code into Russia’s power grid technology in 2018 or 2019 to act as a deterrent.

The military branch is reportedly taking advantage of measures in a 2018 defense authorization bill permitting secret online campaigns to “deter, safeguard or defend against” cyberattacks without requiring explicit presidential approval. President Trump, who claimed that Russia had stopped cyberattacks, isn’t believed to have been briefed on the malware plants.

Engadget

Sources

https://us-cert.cisa.gov/ncas/alerts/TA18-074A

https://www.utilitydive.com/news/russian-hackers-infiltrated-utility-control-rooms-dhs-says/528487/

https://www.npr.org/2018/03/23/596044821/russia-hacked-u-s-power-grid-so-what-will-the-trump-administration-do-about-it

https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html

https://www.engadget.com/2019-06-15-us-offensive-malware-in-russia-power-grid.html

Photo: Public Domain

Note From TF

Some Trump File posts are incomplete as the site is still young and Trump world moves fast. Please use the source links to read further if a topic interests you or if you doubt its authenticity. If a post does not have source links, it is an early draft and will be updated soon. I plan to go back and build on every post in the future.

If there is content you'd like to add context to or something that should be corrected, please contact TF by clicking here or email us at trumpfile@protonmail.com. You can also find us on Twitter.
