Those behind the cyberattacks are said to be targeting two types of entities. First, they go after groups that are linked to their ultimate targets, such as third-party suppliers with networks that are less secure than those of their main targets. Then after gathering useful information, they use it to stage malware and to conduct phishing campaigns in order to gain access into energy sector networks. "After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally and collected information pertaining to industrial control systems," the report said.
Reports surfaced last year that the US nuclear power industry had been the target of hackers, but while Russia was thought to be behind it, DHS and the FBI didn't name Russia as the source at the time. Ben Read, manager for the cybersecurity company FireEye Inc., told Reuters, "People sort of suspected Russia was behind it, but today's statement from the US government carries a lot of weight." The report didn't describe what sort of impact the attacks had on US infrastructure organizations.
Today's report comes the same day that the US Treasury Department issued sanctions on a number of Russian groups and individuals who have allegedly been involved in massive cyberattacks like NotPetya and efforts to sway the US presidential election.