Hackers working for Russia gained access to the control rooms of US utilities last year, allowing them to cause blackouts, federal officials report to the Wall Street Journal.
The hackers ̵
Officials said the campaign called for "hundreds of victims" and is likely to continue, the Journal reported.
"They have reached the point where they could switch" to break the flow, said Jonathan Homer, director of industrial control system analysis for the DHS, the Journal.
"While hundreds of energy and non-energy companies have been targeted, the incident that gave them access to the industrial control system was a very small facility that had no impact on the larger network when off-line "DHS said in a statement Tuesday. "Over the past year, as we continued to explore the activity, we learned additional information that would be helpful to industry in defending against this threat."
Organizations that run the country's energy, nuclear, and other critical infrastructure have become the target of cyber-attacks in recent years, as they can cause immediate chaos, whether they trigger a power outage or block traffic signs. These systems are often vulnerable to obsolete software and the high cost of infrastructure modernization.
The report comes in the midst of heightened tensions between Russia and the US over cybersecurity. At the beginning of this month, US Special Envoy Robert Mueller.
Hackers compromised US utility companies' corporate networks with conventional approaches, such as spear phishing emails and water cannon attacks, which target a specific group of users by infecting sites they visit. After hackers gained access to dealer networks, they focused on stealing access data to access the utility networks and familiarizing themselves with operations, officials said, according to the Journal.
Homeland Security has not identified the victims, the newspaper reports. Some companies may not know that they were compromised because the attacks used legitimate credentials to gain access to the networks.
Cyber attacks on electrical systems are not an academic matter. In 2016, the Ukraine network was disrupted by cyberattacks attributed to Russia, which is dealing with territorial disputes over the land over eastern Ukraine and the Crimean peninsula. Russia has refused any involvement in the critical infrastructure.
President Donald Trump signed an executive order in May to strengthen cyber security in the United States by protecting federal networks, critical infrastructure and the public online. Part of the mandate focuses on the protection of utilities such as electricity and water, as well as financial, health and telecommunications systems.
The Ministry of Internal Security has not responded to a request for comment.
Originally posted on July 23 at 18:50. PT
Updated July 24 at 10:30 PT with DHS statement.
Security: Keep up to date on the latest security breaches, hacks, fixes and all the cybersecurity issues that keep you awake at night.
Blockchain Decoded: CNET looks at the tech-power bitcoin – and soon a multitude of services that will change your life.