Power lines

AngyDS/Flickr (CC-BY)

Russian hackers may have caused blackouts in the U.S.

A group called 'Dragonfly' used employee credentials to bring down the power grid.


Christina Bonnington


Posted on Jul 24, 2018   Updated on May 21, 2021, 10:19 am CDT

Hackers operating on behalf of Russia appear to have penetrated U.S. power networks and may have even caused blackouts.

The Department of Homeland Security says that the hackers broke into “secure,” isolated utility networks by first infiltrating the networks of main vendors, the Wall Street Journal reports. The hackers belong to a state-sponsored group called “Dragonfly” or “Energetic Bear.”

While the DHS did not explicitly name what utility organizations were compromised, on Monday it did say that there were hundreds of victims. Some companies may not even realize they were targeted in these attacks, as they were conducted using valid employee credentials gained through phishing attacks and fake websites.

Symantec first publicly reported on knowledge of the group’s attacks in late 2017. The DHS, meanwhile, has been warning utility executives about the group since 2014. The attacks seem to have started in 2016, extended through 2017, and could be ongoing.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” Symantec’s security team wrote in a blog post. Symantec presumes that sabotage or intelligence gathering are the main reasons for the group to attack our energy grid.

Russia denies targeting U.S. infrastructure, according to the Wall Street Journal. 

The Journal reports the hacking group “vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled.” The goal was to disguise themselves as people regularly expected to manage these systems. The DHS is now looking for signs that attacks may be automated, while experts wonder whether hackers may have damaged systems in ways yet to surface.

In 2016, the U.S. confirmed that its own similar state-sponsored cyberattack caused a massive power outage in Ukraine.

H/T Business Insider

Share this article
*First Published: Jul 24, 2018, 2:31 pm CDT