EXECUTIVE SUMMARY:

In what may be a vast reconnaissance mission, Russian hackers have infiltrated the electric utilities throughout the United States. Federal officials say the campaign began last year and is likely continuing.

As has been the case with notable data breaches such as Target, and more recently, major automakers, the inroad was through trusted vendors. In this case, according to The Wall Street Journal, “vendors who have special access to update software, run diagnostics on equipment and perform other services that are needed to keep millions of pieces of gear in working order.”

The cyberattackers have hit hundreds of victims; some don’t even know at this point that they have been hacked. Starting with spearphishing and watering hole attacks–with smaller companies that are less invested in a cybersecurity infrastructure–the hackers were able to steal credentials of vendor employees.

Once inside the vendors’ networks, The Wall Street Journal reports, attackers were able to then directly get inside the utilities’ networks and begin stealing critical information regarding how utility networks are configured and controlled.

“They also familiarized themselves with how the facilities were supposed to work, because attackers ‘have to learn how to take the normal and make it abnormal’ to cause disruptions,” Jonathan Homer, chief of industrial-control-system analysis for DHS told The Journal.

While some theorize that this campaign was designed to set up positioning for a future attack, it remains unclear for now. The Journal reports, “Many experts fear that a skilled technician could use unfettered access to change some equipment’s settings. That could make them unreliable in unexpected ways, causing utility engineers to do things that would result in extensive damage and potentially lengthy blackouts.”

Get the full story at The Wall Street Journal.