Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

US Reportedly Seeding Russia's Power Grid With Malware

June 20, 2019

We say it all the time. We are at cyberwar every day. Naked Security drove that point home with a post reporting that the US has been quietly planting malware throughout Russia’s energy networks in response to years of Russian attacks on the US power grid. The story comes via The New York Times, which said that the latest moves represent a turning point in US policy on interfering with Russia’s electricity infrastructure. Under the Obama administration, the US had used reconnaissance tools to monitor Russia’s electricity control systems. The Trump administration has escalated this activity to an offensive campaign, placing software that could destabilize electrical services within Russia.

The move follows years of provocation by Russia, which has reportedly run recurring cybercampaigns targeting the US energy grid.

In March 2019, the Department of Homeland Security (DHS) reported that Russian hackers had been targeting US infrastructure including not just energy and nuclear facilities, but also water, aviation, and critical manufacturing sectors. The hackers would infiltrate the targets’ trusted partner organizations and use them as staging grounds for their attacks, the report warned.

Most recently, security firm Dragos alleged that Xenotime, a hacking group thought to be linked to Moscow, has been using its Triton (also known as Trisis) malware to explore US power networks in possible preparation for a future attack. Dragos identified a persistent pattern of activity attempting to gather information and enumerate network resources associated with US and Asia-Pacific electric utilities.

Russian hackers were also thought to be behind separate attacks on the Ukrainian electrical grid in 2015 and 2017.

The news that the US has been seeding Russian power networks with malware follows moves by the Trump administration to loosen the reins on the Pentagon, freeing it up to take more offensive measures in cyberspace without explicit presidential approval. Last August, it rolled back Obama-era rules on cyberwarfare, removing a layer of inter-agency bureaucracy that stood in the way of launching offensive campaigns.

A month later, the Department of Defense unveiled a new cyber strategy that authorized the military to launch cyberattacks on foreign nations without authorization from the National Security Council.

This news may represent a new chapter for the US in its approach to aggressive Russian cyberwarfare tactics, but it isn’t the first time that the US has planned or mounted offensive cyber campaigns. In 2010, it carried out Operation Olympic Games, the codename for the Stuxnet malware operation against Iran’s Natanz nuclear enrichment facility.

President Trump fired back at the New York Times, calling the publication of the story an act of “virtual treason” and denying the report.

Frankly, I believe the New York Times and think we are wise to make it clear that we are prepared to engage – if necessary.

To my faithful readers: Please note that RTL will be on sabbatical next week.

Email:    Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson