Skip to content
Naked Security Naked Security

Russian hackers are ready to disrupt US energy utilities, says DHS

Jonathan Homer says Russian hackers have snared “hundreds of victims” in the utilities and equipment sectors and "got to the point where they could have thrown switches” in a way that could have caused power blackouts.

Remember the stark warning from the US Department of Homeland Security (DHS) earlier this year that the Russians were trying to hack the country’s energy grid?
According to comments made on the record by the Department’s chief of industrial-control-system analysis, Jonathan Homer, this campaign was a lot more serious that anyone has previously admitted.
Historically, warnings about alleged Russian attacks on US infrastructure have tended to be general in nature – aspiration as much as achievement – but Homer’s comments add details that seem designed to raise the anxiety level a couple of notches.
From 2016 and into this year, Homer says Russian hackers have snared “hundreds of victims” in the utilities and equipment sectors, and “got to the point where they could have thrown switches” in a way that could have caused power blackouts. Predictably, these compromises started with phishing attacks, he said, before adding that the attackers had been sophisticated enough to jump air-gapped networks.
Some victim companies might even today be unaware that they were targeted, a curious admission by the official given that one of the DHS’s jobs would surely be to tell them.

None of this will surprise anyone who took the time to read through the DHS alert from March, which offered a blow-by-blow account of how these attackers have been targeting the energy sector right down to which password cracking tools they prefer.
The groups alleged to be behind all this are nicknamed Dragonfly and Energetic Bear – the activity of both of these groups has been well documented over the last four years.
It might look a little strange that someone from the DHS would want to draw public attention to a successful attack by one of these groups in a way that serves to advertise their capabilities. It could be that officials want to underscore private warnings that have been handed out to the energy sector and perhaps pave the way politically for even more investment in US cyber defence.
There are now regular stories about Russian attacks against all sorts of online systems, including a separate indictment of 12 Russians for the alleged leaking of DNC emails during the 2016 election.
More recently came an unusually technical warning about how a group called Grizzly Steppe was attempting to compromise home routers.
On the other hand, perhaps these warnings are a way of sending these groups – and their alleged nation state paymasters – the message that what they are trying to do is being looked at under the microscope, and generating the forensics to point the blame squarely at them won’t be as hard as they think.
Energy and utility infrastructure is vulnerable in every country, and that includes Russia of course. That some nations might want to understand how to exploit it is a certainty, but under what conditions they would try to disrupt utilities in a country such as the US usually ends up being an exercise in pointless speculation.
As the disruptive 2015 and 2016 attacks on Ukraine demonstrated, that’s already happened on a small scale. The question is if, when and how the attackers will try something much bigger.


The indictment is a sham. There’s not much use in indicting foreign nationals. It’s either showing off or pretending that something useful was accomplished.


Isn’t it quite common for countries to indict foreigners if they are accused of committing crimes in those countries… doesn’t every international extradition request start that way?
My understanding is that Russian citizens have constitutional protection against extradition but that doesn’t preclude international indictments against Russians – one of those indicted might travel to a different jurisdiction at some point.


The useful part is spelling out in no uncertain terms that senior Russian military intelligence officials under direction of Putin attacked the United States. The reason that’s useful is because the President repeatedly has tried to tell the rest of the world that this didn’t happen, even though all signs pointed to it happening. Now we know who, how, and why. The only “showing off” was the detailed 29 page indictment outlining what sorts of intelligence we have to back up the accusations.


I remember that warnings about the vulnerability of power grids goes back for many years. I wonder how much progress has been made to secure them. We may never know.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!