North Korea likely targeted US power companies in spear phishing campaign, firm says
- Cybersecurity firm FireEye confirmed that it detected and stopped spear phishing emails sent to United States power companies by "known cyber actors likely affiliated with the North Korean government" in September.
- The firm noted the attacks appeared to be early-stage reconnaissance, not an imminent cyber attack taking months to prepare. The North Korean actors did not appear to use tools or methods designed to compromise or manipulate industrial control systems, nor did the firm uncover evidence the actors had access to those controls.
- The report highlights the vulnerability of the U.S. power system to cyber attacks, as utility executives named cybersecurity a top concern in a recent survey.
Nearly 63% of utility executives worldwide say their country faces at least a moderate risk of a cyberattack on the power grid within the next five years. Their fears are not unfounded: In 2015, a cyberattack on Ukraine’s grid heightened concerns that the U.S. could be vulnerable to a similar attack.
In June of this year, the North American Electric Reliability Corp. (NERC) noted a growing threat that cyberattacks could be used to cause widespread power outages, and a report from two years ago noted an attack on the U.S. power system could cost $1 trillion.
This year, security firm Symantec warned that a group of hackers has targeted the power sector in Europe and the United States, potentially gaining operational access. The group, identified as Dragonfly 2.0, uses malicious emails, watering hole attacks and Trojanized software to gain access to networks. Symantec stopped short of identifying the countries of origin of the attackers, though Dragonfly was named in a joint analysis published by the DHS and the Federal Bureau of Investigation last year on Russian-based hacking operations.
The power sector and the federal government have partnered to determine how to improve responses in the event of an actual attack. And in 2016, researchers at DOE's Idaho National Laboratory recommended new awareness for grid security as the rollout of smart grid technology raised the risk of cyberattacks.
President Donald Trump also named cybersecurity a priority, issuing an executive order outlining a series of actions for federal agencies to strengthen protections for national cybersecurity, federal IT networks and critical infrastructure, including the power grid.
Follow Krysti Shallenberger on Twitter