Sometime in or before March, the Russian government begins launching cyber attacks against the U.S. energy, water, and manufacturing sectors.
Russian cyber actors at some point gain the ability to cause blackouts and grid disruptions. The full extent of Russia’s newfound capabilities may never be known, though. They breach hundreds of companies and government agencies and are still operating inside networks when the U.S. catches them in 2018.
The cyber actors use these third-party networks to install their malware, which is eventually passed through to those third parties’ clients: U.S. government agencies.
The malware has multiple uses, but one identified use is that it creates new administrator accounts on computer systems it touches, letting the Kremlin access and control programs and data.
Another function of the malware is that it can impersonate an email administrator account, giving the Kremlin access to all digital communications within an agency. They are also able to tap into user credentials — usernames, passwords, etc. — for all of the employees in the agencies they target.
A similar cyber infiltration from Russia hits U.S. agencies in 2020, but its reach is far greater than the 2016 hack.
James Lewis, a cybersecurity expert and vice president of the Center for Strategic and International Studies, tells NPR this kind of attack has happened before.
It’s unclear if we ever remove the malware. However, the U.S. does insert code into Russia’s power grid technology in 2018 or 2019 to act as a deterrent.