In late July, Department of Homeland Security (DHS) officials said that last summer Russian hackers had gained access to power company control rooms, according to The Wall Street Journal.
On March 15, DHS and the Federal Bureau of Investigation reported that Russian hackers had gained access to several U.S. infrastructure companies and had been targeting these companies since at least March 2016. The more recent reports further detail the extent to which Russian hackers have infiltrated critical U.S. infrastructure networks and raised the victim count to “hundreds” from the dozens that DHS had acknowledged in March.
In a statement on July 24, DHS spokeswoman Lesley Fulop said, "Over the course of the past year as we continued to investigate the activity, we learned additional information which would be helpful to industry in defending against this threat."
According to DHS, the hackers gained access to electric utilities through third-party vendors who provide computer services to those utilities. The hackers employed common techniques such as "spearphishing": they first compromised accounts at these third-party vendors, then sent emails from the compromised accounts to obtain the credentials and other information needed to access the utilities' networks.
The Wall Street Journal reported (and has been frequently cited since) that DHS officials had stated the attack had claimed "hundreds of victims," and Jonathan Homer, chief of industrial-control-system analysis for DHS, said, "They got to the point where they could have thrown switches" and caused power outages.
However, since then DHS officials have said that these claims have been overstated.
"While hundreds of energy and non-energy companies were targeted, the incident where they gained access to the industrial control system was a very small generation asset that would not have had any impact on the larger grid if taken offline," Fulop said.
Robert Lee, CEO of cybersecurity firm Dragos, echoed these concerns, writing in a statement, "[M]essaging in the WSJ article around 'throwing switches' and causing 'blackouts' is misleading on the impact of the targeting that took place. What was observed is incredibly concerning but images of imminent blackouts are not representative of what happened, which was more akin to reconnaissance into sensitive networks."
Though not as severe as previously stated, the attacks are likely ongoing.