In a joint announcement today, the Department of Homeland Security and FBI said they’ve found evidence of a “multi-stage intrusion campaign by Russian government cyber actors” targeting the U.S. “energy, nuclear, water, aviation, construction, and critical manufacturing sectors” since “at least March 2016.”
According to the report, Russian actors conducted “reconnaissance… and collected information” on those systems. While both agencies acknowledged the campaign “affected multiple organizations,” they did not name specific ones, but did outline instances in which Russians collected “data output from control systems within energy-generation facilities.” According to the report, the Russian actors targeted “peripheral organizations” with access to the intended target but with “less secure networks,” then hacked into the intended targets.
A Russian hacking campaign had penetrated about 100 electric and nuclear power facilities in 2017 alone, including half in the U.S. The joint report closely followed the Trump administration’s announcement of sanctions against Russia for “attempted interference in U.S. elections, destructive cyberattacks, and intrusions targeting critical infrastructure,” Treasury Secretary Steven Mnuchin said. Read more at US-CERT.