The Department of Homeland Security and FBI have released a report today containing details of Russian efforts to hack into the US government entities and infrastructure sectors. This includes energy, nuclear, commercial, water, aviation and critical manufacturing sectors. The agencies are saying that the cyberattacks are ongoing and have been occurring since at least March 2016. Their report described the attacks as “a multi-stage intrusion campaign by Russian government cyber actors.”
Those that are behind these attacks seem to be targeting two types of entities. The first is where they’re going after groups that are linked to their ultimate targets, such as third-party suppliers with networks that are less secure than those of their main targets. After gathering useful information, they then use that to stage malware and conduct phishing campaigns in order to gain access into energy sector networks. “After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally and collected information pertaining to industrial control systems,” the report said.
Previous reports have suggested Russia to be behind the attacks being received on US nuclear power industry. At the time, FBI didn’t name Russia as the source until more evidence was gathered.
Ben Read, manager for the cybersecurity company FireEye Inc., told Reuters, “People sort of suspected Russia was behind it, but today’s statement from the US government carries a lot of weight.” The report, however, didn’t describe what sort of impact the attacks have had on US infrastructure organizations.