Russian hackers probing US electric utilities
A group of hackers that shut down a Saudi Arabian oil and natural gas facility in 2017 is now targeting electric utilities in the U.S. and Asia, according to cyber-security company Dragos Inc. So far they have not launched a successful attack, but the activity does appear to be preparation for one. It is more evidence that Russia is an adversary of the US.
The group, Xenotime, has been probing utilities since late 2018, Hanover, Maryland-based Dragos said in a blog post Friday. It has focused mostly on electronic control systems that manage operations at industrial sites, Dragos said.
Cyber-security firm FireEye Inc. has linked the group to a research institution in Moscow owned by the Russian government, called the Central Scientific Research Institute of Chemistry and Mechanics. Xenotime is one of few groups in the world to use malware tailored to industrial control systems, said Benjamin Read, a FireEye senior manager.
A spokesman for the Russian embassy in Washington did not immediately respond to a request for comment.
U.S. officials have long warned grids are vulnerable to cyber attacks. Disrupting a region’s electrical infrastructure could cause widespread chaos, triggering blackouts and crippling financial markets, transportation systems and more.
“Most hackers in the world don’t want to kill people,” Sergio Caltagirone, Dragos’s vice president of threat intelligence, said in an interview. But Xenotime’s track record suggests it’s “one of the things they’d like to do.”