A new joint analysis by the FBI and the Department of Homeland Security stated that unspecified aviation intrusion early in 2017 was part of a broad attack on the nation’s sensitive infrastructure.
On Thursday, as the Trump administration imposed new sanctions on Russia for “malicious cyber attacks,” officials confirmed that the Kremlin is believed to be behind the attacks, which security firm Symantec described in a report in September. Symantec had warned that the hackers could potentially have the ability to cause blackouts.
Since at least March 2016, Russian hackers are conducting a broad assault on the U.S. electric grid, nuclear facilities, water processing plants, air transportation facilities and other targets in rolling attacks on some of the country’s most sensitive infrastructure that millions of Americans rely on.
Bloomberg News reported in July that Russian hackers had breached more than a dozen power plants in seven states, an aggressive campaign that has since expanded to dozens of states, according to a person familiar with the investigation. US officials said that Kremlin-based group of sophisticated hackers known as “Dragonfly” had penetrated energy company systems last year in ways that could be used to sabotage the U.S. electric grid.
However, the attack had limited impact and the industry has taken steps to prevent a repeat of the intrusion, Jeff Troy, executive director of the Aviation Information Sharing and Analysis Center, said Friday. Troy wouldn’t elaborate on the nature of the breach and declined to identify specific companies or the work that was involved.
Critical manufacturing sectors and commercial facilities also have been targeted by the ongoing “multi-stage intrusion campaign by Russian government cyber actors” where they staged malware, conducted spearphishing, and gained remote access into energy sector networks. At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas, Bloomberg reported in July.