According to a recent industry article from CyberHeist News, electric Utilities companies throughout the U.S. have been under siege from Russian hackers since as far back as 2014. The information comes from Wall Street Journal writer, Rebecca Smith, who reported that “Hackers working for Russia claimed “hundreds of victims” last year in a giant and long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts… They said the campaign likely is continuing.”
According to the article, “The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, “air-gapped” or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.”
According to all relevant sources the threat was real and at the point where they could have thrown switches and disrupted power across the country.
Hundreds Of Unknowing Victims
The names of the victimized utilities companies are being withheld, however, it has been revealed that there are hundreds of victims many of whom still don’t know they have been compromised. The reason some companies are in the dark is about being hacked is because the attackers actually use credentials of current employees to get inside the networks. This makes the attacks more difficult to detect. And it makes it disastrous for businesses and individuals should the Russian hackers decide to strike.
Stay In The Light
The most important thing for all companies is to make sure your Disaster Recovery Team is keyed in to which utility company supplies your businesses power. Contact the power company and insist that they step up their employee’s security awareness training and demand their vendors do the same. You’ll also want them to show evidence that this course of action was actually taken and completed. In the meantime, you may want to beef up your own cyber security.