The FBI is investigating a series of cyberattacks that occurred in August 2019 on more than a dozen U.S. utilities recently identified by the Wall Street Journal. The attacks were first discovered by researchers at Silicon Valley cybersecurity company Proofpoint, but few details were released until recently.
According to the Wall Street Journal, small-scale utilities located near dams, locks and other important infrastructure were targeted. The attacks spanned utilities in 18 states. Using phishing emails, the hackers tried to install malware called Lookback, which would enable hackers to control the utility’s computer and steal information.
The utilities affected included Cloverland Electric Cooperative in Michigan and Basin Electric Power Cooperative in North Dakota. Cloverland is located next to the Sault Ste. Marie Locks, an important transfer center of iron ore to steel mills, while Basin Electric is one of the only utilities able to transfer electricity to the eastern and western U.S. grids.
It was believed that due to their small size and low profile, these smaller utilities would not be targeted. These attacks show that smaller utilities are just as vulnerable as their larger counterparts, perhaps even more so as small utilities often do not have the budget for adequate security measures.
Proofpoint Inc., Sunnyvale, Calif., publicized these attacks, identifying at least two active periods in July and August. The phishing email sent in July claimed it was sent from the U.S. National Council of Examiners for Engineering and Surveying and contained important information about licensing.
When users opened these emails, a code may have been released that permitted hackers to gain control of their computer. Proofpoint said only a few people were targeted at each utility, which suggests the hackers chose to study their targets beforehand.