Sometime in or before March 2016, the Russian government begins launching cyber attacks against the U.S. energy, water, and manufacturing sectors.
Russian cyber actors at some point gain the ability to cause blackouts and grid disruptions. The full extent of Russia’s newfound capabilities may never be known, though. They breach hundreds of companies and government agencies and are still operating inside those networks when the U.S. catches them in 2018.
Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors… The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks.
Cybersecurity & Infrastructure Security Agency (CISA)
The cyber actors use these third-party networks to stage their malware, which is eventually passed through to those third parties’ clients: U.S. government agencies.
The malware has multiple uses, but one identified use is that it creates new administrator accounts on the computer systems it touches, letting the Kremlin access and control programs and data.
The malware can also impersonate an email administrator account, giving the Kremlin access to all digital communications within an agency. The actors are also able to harvest user credentials — usernames, passwords, etc. — for all of the employees in the agencies they target.
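The behaviour described above, a new account being created and then promoted to local Administrators, is something a defender can look for in Windows Security event logs. The following is an added example, not code from the page or from CISA, and it makes no claim about the specific malware discussed here. It uses the real Windows event IDs 4720 (user account created) and 4732 (member added to a security-enabled local group) and the well-known SID of BUILTIN\Administrators; the event records themselves are constructed, and their simplified field names (ts, host, subject, target, member, group_sid) are an assumption of this example rather than the native event schema.

```python
"""Detect accounts that are created and then promoted to local Administrators.

Constructed Windows Security event records (not real telemetry) mimic the
key fields of Event ID 4720 (user account created) and 4732 (member added to
a security-enabled local group). Field names are simplified for the example.
"""
from datetime import datetime, timedelta

ADMIN_GROUP_SID = "S-1-5-32-544"   # well-known SID of BUILTIN\Administrators
USERS_GROUP_SID = "S-1-5-32-545"   # well-known SID of BUILTIN\Users
PROMOTION_WINDOW = timedelta(hours=1)

# Constructed sample events: one suspicious create-then-promote pair on
# FILESRV01, one benign helpdesk account creation, and one promotion by an
# approved administrator with no preceding account creation.
SAMPLE_EVENTS = [
    {"ts": "2016-03-10T02:14:05", "id": 4720, "host": "FILESRV01",
     "subject": "CORP\\svc_backup", "target": "CORP\\updater_svc"},
    {"ts": "2016-03-10T02:14:09", "id": 4732, "host": "FILESRV01",
     "subject": "CORP\\svc_backup", "member": "CORP\\updater_svc",
     "group_sid": ADMIN_GROUP_SID},
    {"ts": "2016-03-10T09:30:00", "id": 4720, "host": "HR-WS12",
     "subject": "CORP\\helpdesk1", "target": "CORP\\jdoe"},
    {"ts": "2016-03-10T09:31:00", "id": 4732, "host": "HR-WS12",
     "subject": "CORP\\helpdesk1", "member": "CORP\\jdoe",
     "group_sid": USERS_GROUP_SID},
    {"ts": "2016-03-11T14:00:00", "id": 4732, "host": "FILESRV01",
     "subject": "CORP\\adm_alice", "member": "CORP\\contractor7",
     "group_sid": ADMIN_GROUP_SID},
]


def parse_ts(s):
    """Parse the ISO-style timestamp used in the constructed records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def find_new_admin_accounts(events, window=PROMOTION_WINDOW):
    """Return one alert per account created and added to Administrators
    on the same host within `window` of its creation."""
    created = {}   # (host, account) -> (creation time, creating subject)
    alerts = []
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        ts = parse_ts(ev["ts"])
        if ev["id"] == 4720:
            created[(ev["host"], ev["target"])] = (ts, ev["subject"])
        elif ev["id"] == 4732 and ev["group_sid"] == ADMIN_GROUP_SID:
            key = (ev["host"], ev["member"])
            if key in created and ts - created[key][0] <= window:
                c_ts, creator = created[key]
                alerts.append({
                    "host": ev["host"],
                    "account": ev["member"],
                    "created_by": creator,
                    "promoted_by": ev["subject"],
                    "seconds_between": int((ts - c_ts).total_seconds()),
                })
    return alerts


def unapproved_admin_promotions(events, approved_subjects):
    """Return (host, member, subject) for every addition to Administrators
    performed by a subject outside the approved set, regardless of timing."""
    return [
        (ev["host"], ev["member"], ev["subject"])
        for ev in sorted(events, key=lambda e: parse_ts(e["ts"]))
        if ev["id"] == 4732
        and ev["group_sid"] == ADMIN_GROUP_SID
        and ev["subject"] not in approved_subjects
    ]


if __name__ == "__main__":
    for alert in find_new_admin_accounts(SAMPLE_EVENTS):
        print("create-then-promote:", alert)
    for hit in unapproved_admin_promotions(SAMPLE_EVENTS, {"CORP\\adm_alice"}):
        print("unapproved promotion:", hit)
```

The two checks are deliberately independent: the first catches the tight create-then-promote sequence even when the acting account is a legitimate service account, and the second catches any promotion to Administrators by an account that is not on the allow list, whether or not a creation event preceded it. On the constructed input only the FILESRV01 pair from svc_backup fires both checks; the helpdesk account goes into Users, not Administrators, and adm_alice is approved.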
A similar cyber infiltration from Russia hits U.S. agencies in 2020, but its reach is far greater than that of the 2016 hack.
James Lewis, a cybersecurity expert and vice president of the Center for Strategic and International Studies, tells NPR this kind of attack has happened before.
“The Russians have been doing this for years,” Lewis said. “The change is that the U.S. government came out and said the Russians hacked the utilities.”
NPR
It is unclear whether the malware is ever removed. However, the U.S. does insert code into Russia’s power grid technology in 2018 or 2019 to act as a deterrent.
The military branch is reportedly taking advantage of measures in a 2018 defense authorization bill permitting secret online campaigns to “deter, safeguard or defend against” cyberattacks without requiring explicit presidential approval. President Trump, who claimed that Russia had stopped cyberattacks, isn’t believed to have been briefed on the malware plants.
Engadget
Sources
https://us-cert.cisa.gov/ncas/alerts/TA18-074A
https://www.utilitydive.com/news/russian-hackers-infiltrated-utility-control-rooms-dhs-says/528487/
https://www.npr.org/2018/03/23/596044821/russia-hacked-u-s-power-grid-so-what-will-the-trump-administration-do-about-it
https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html
https://www.engadget.com/2019-06-15-us-offensive-malware-in-russia-power-grid.html