Rob Barry and Lisa Schwartz of the Wall Street Journal
The Wall Street Journal is reporting on a sophisticated phishing campaign targeting the vendors of power utilities.
The U.S. Department of Homeland Security dispatched a team to examine the various company computers that had been to try and find a pivot point into the power grid.
The cyberattack on the 15-person company near Salem, Ore., which works with utilities and government agencies, was an early thrust in the worst known hack by a foreign government into the nation’s electric grid. It set off so many alarms that U.S. officials took the unusual step in early 2018 of publicly blaming the Russian government.
Rather than strike the utilities head on, the hackers went after the system’s unprotected underbelly—hundreds of contractors and subcontractors like All-Ways who had no reason to be on high alert against foreign agents. From these tiny footholds, the hackers worked their way up the supply chain. Some experts believe two dozen or more utilities ultimately were breached.
The hackers used several vectors, including malware planted on sites frequently read by utility engineers and fake résumés with tainted attachments, sent while pretending to be job seekers.
The Wall Street Journal identified small businesses such as Commercial Contractors Inc. in Ridgefield, Wash., and Carlson Testing Inc., in Tigard, Ore., along with big utilities such as the federally owned Bonneville Power Administration and Berkshire Hathaway’s PacifiCorp.
The government isn’t sure how many utilities and vendors in all were compromised in the Russian assault.
Tainted emails have continued through 2018. “Whether they’re Russian or not, I don’t know. But someone is still trying to infiltrate our server.”
Industry experts say Russian government hackers likely remain inside some systems, undetected and awaiting further orders.