Energy Department and intelligence agencies warn energy firms of dangerous malware

The Department of Energy and U.S. intelligence agencies issued a joint alert on Wednesday warning energy firms about the discovery of malicious cybertools that they said were capable of gaining “full system access” to the systems that control electricity and natural gas in the United States.

The actors in question “developed custom-made tools” for targeting industrial control systems and high-voltage substations in the U.S. that would “enable them to scan for, compromise, and control affected devices,” the warning said.

Though U.S. agencies did not name a nation-state actor responsible for developing the malware and declined to say who found the software and how, the alert was issued just days after Ukraine said it thwarted a sophisticated cyberattack that Russian military intelligence hackers waged on its power grid. Officials said the attack, which took aim at several power substations in the country, was slated to begin on April 8 as Ukrainian civilians returned home from work. If successful, officials said, the hack could have triggered blackouts for millions of Ukrainian civilians.

Private cybersecurity firms said Wednesday that Russia is likely behind the malware that targeted U.S. systems.

In its independent analysis of the malware, private sector government partner Mandiant said the functionality was “consistent with the malware used in Russia’s prior physical attacks,” calling the tools “exceptionally rare and dangerous.”

“We note that the activity is consistent with Russia’s historical interest in ICS,” said Nathan Brubaker, director of threat analysis at Mandiant.

Mandiant’s report said the new hacking tool “poses the greatest threat to Ukraine, NATO member states, and other states actively responding to Russia’s invasion of Ukraine.”

As Russian troops struggle to advance in many parts of Ukraine, some analysts believe the recent threats against Ukraine and the West could be a sign that the Kremlin may be beginning to shift its tactics to a system of asymmetric or hybrid warfare, which includes waging sophisticated cyberattacks against Ukraine and its Western allies.

“If the Russian advance has dissipated,” John Hultquist, the vice president of threat analysis at cybersecurity firm Mandiant, told the New York Times earlier this week, “this may be another way for them to put pressure on Ukraine.”
