Russia is attacking the U.S. energy grid, nuclear facilities, water processing plants, aviation systems, and other critical infrastructure that millions of Americans rely on, according to a new joint analysis by the FBI and the Department of Homeland Security.
The new attribution—the first official confirmation by the U.S. of Russia’s effort—includes an accusation that the Kremlin was behind a group of sophisticated hackers known as “Dragonfly” that had penetrated energy company systems last year in ways that could be used to sabotage the U.S. electric grid.
On Thursday, as the Trump administration imposed new sanctions on Russia for “malicious cyberattacks,” officials confirmed that the Kremlin is believed to be behind the attacks, which security firm Symantec described in a report in September. Symantec had warned that the hackers could potentially have the ability to cause blackouts.
“Since at least March 2016, Russian government cyber actors… targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” according to Thursday’s FBI and Department of Homeland Security report.
The report did not say how successful the attacks were or specify the targets, but said that the Russian hackers “targeted small commercial facilities’ networks where they staged malware, conducted spearphishing, and gained remote access into energy sector networks.” At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas, Bloomberg reported in July.
The new sanctions focus on five Russian groups, including the Russian Federal Security Service, the country’s military intelligence apparatus, and the digital propaganda outfit called the Internet Research Agency, as well as 19 people, some of them named in the indictment related to election meddling released by special counsel Robert Mueller last month.
In announcing the sanctions, which will generally ban U.S. people and financial institutions from doing business with those people and groups, the Treasury Department pointed to alleged Russian election meddling, involvement in the infrastructure hacks, and the NotPetya malware, which the Treasury Department called “the most destructive and costly cyberattack in history.”
The new sanctions come amid ongoing criticism of the Trump administration’s reluctance to punish Russia for cyber and election meddling. Sen. Mark Warner (D-Va.) said that, ahead of the 2018 mid-term elections, the administration’s decision was long overdue but not enough. “Nearly all of the entities and individuals who were sanctioned today were either previously under sanction during the Obama Administration, or had already been charged with federal crimes by the Special Counsel,” Warner said.
Symantec doesn’t typically point fingers at particular nations in its research on cyberattacks, said Eric Chien, technical director of Symantec’s Security Technology and Response division, though he said his team doesn’t see anything it would disagree with in the new federal report. The government report appears to corroborate Symantec’s research, showing that the hackers had penetrated computers that would let them directly manipulate power systems, he said.
“There were really no more technical hurdles for them to do something like flip off the power,” he said.
And as for the group behind the attacks, Chien said it appears to be relatively dormant for now, but it has gone quiet in the past only to return with new hacks.
“We expect they’re sort of retooling now, and they likely will be back,” he said.