The Department of Homeland Security and the FBI released a report today detailing Russian efforts to hack into US government entities and infrastructure sectors, including energy, nuclear, commercial, water, aviation and critical manufacturing sectors. The agencies said the cyberattacks have been ongoing since at least March 2016 and their report described the attacks as "a multi-stage intrusion campaign by Russian government cyber actors."
Those behind the cyberattacks are said to be targeting two types of entities. First, they go after groups that are linked to their ultimate targets, such as third-party suppliers with networks that are less secure than those of their main targets. Then, after gathering useful information, they use it to stage malware and conduct phishing campaigns to gain access to energy sector networks. "After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally and collected information pertaining to industrial control systems," the report said.
Reports surfaced last year that the US nuclear power industry had been the target of hackers, but while Russia was thought to be behind it, DHS and the FBI didn't name Russia as the source at the time. Ben Read, manager for the cybersecurity company FireEye Inc., told Reuters, "People sort of suspected Russia was behind it, but today's statement from the US government carries a lot of weight." The report didn't describe what sort of impact the attacks had on US infrastructure organizations.
Today's report comes the same day that the US Treasury Department issued sanctions on a number of Russian groups and individuals who have allegedly been involved in massive cyberattacks like NotPetya and efforts to sway the US presidential election.