U.S. electric utilities targeted by suspected state-sponsored hacking group, security firm warns
A hacking group recently caught attacking government organizations and businesses in the Middle East has set its sights on U.S. targets including the nation’s electric utility sector, a cybersecurity firm warned Thursday.
Industrial control systems (ICS) used to operate U.S. electric utilities have been targeted by a hacking group researchers are calling RASPITE, “but there is no current indication the group has the capability of destructive ICS attacks including widespread blackouts,” said Dragos, a Maryland-based company that detected the activity.
Dragos said the group, also known as Leafminer, is the same threat actor identified by competing security firm Symantec last month as being responsible for operations targeting networks in Saudi Arabia, the United Arab Emirates, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan.
“Although Dragos does not conduct country-specific attribution of industrial control threats, generally threats focused on industrial control are state-sponsored due to the inherent risk, limited financial gain and potential blowback from the operations,” said Sergio Caltagirone, the company’s director of threat intelligence.
Symantec similarly refrained from attributing the hacking group to any particular government, but its researchers assessed that the group “appears to be based in Iran.”
The group uses routinely deployed hacking methods and publicly available tools and tactics. That makes its activity easier to analyze than more sophisticated cyberattacks that rely on exploiting previously unknown security bugs, such as state-sponsored attacks carried out with custom malware.
Both firms assessed that the group has attempted to hack targets by compromising legitimate websites likely browsed by potential victims and altering them so that the attackers can steal information from individuals visiting those sites, a technique known as a “watering hole” attack.
“Dragos caught RASPITE early in its maturity which is ideal as it allows us to track its behavior and threat progression to help organizations defend against them,” added Mr. Caltagirone. “RASPITE uses common techniques which is good because defenders with sufficient monitoring can catch them and mitigate any opportunity for them to get better.”
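The watering-hole technique described above depends on a legitimate site being quietly altered, typically by inserting a reference to attacker-controlled content, and Mr. Caltagirone’s point is that sufficient monitoring catches that kind of change. The following script is an added example of one such check, not code from Dragos, Symantec or the article: it compares a freshly fetched copy of a page against a known-good baseline and reports any newly introduced resource references, especially ones that load from a host outside the site’s own. The HTML snapshots, the host names and the `TRUSTED_HOSTS` set are constructed for the demonstration and refer to no real site.

```python
"""Baseline-diff integrity check for a web page, the kind of monitoring that
can surface a watering-hole alteration (an injected script, iframe or other
embedded resource pulling content from an attacker-controlled host).
All sample HTML and host names below are constructed for this example."""
import hashlib
import re
from urllib.parse import urlparse

# Constructed snapshot of a legitimate page, captured while the site was known-good.
BASELINE_HTML = """<html><head>
<script src="/static/app.js"></script>
<link rel="stylesheet" href="/static/site.css">
</head><body>
<img src="https://images.utility.example/logo.png">
</body></html>"""

# Constructed copy of the same page after tampering: one injected script tag
# loading from an off-site host (placeholder domain, not a real indicator).
TAMPERED_HTML = BASELINE_HTML.replace(
    "</body>",
    '<script src="https://cdn.example.invalid/collect.js"></script>\n</body>',
)

# Hosts the site legitimately loads resources from (an assumption for the demo).
TRUSTED_HOSTS = {"utility.example", "images.utility.example"}

# Tags and attributes through which a page pulls in executable or embedded content.
RESOURCE_RE = re.compile(
    r'<(?:script|iframe|img|link|object|embed)\b[^>]*?'
    r'\b(?:src|href|data)\s*=\s*["\']([^"\']+)["\']',
    re.IGNORECASE,
)


def content_hash(html: str) -> str:
    """SHA-256 of the page body; any byte-level change flips it."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def extract_resources(html: str) -> set:
    """Every URL the page references via a resource-loading tag."""
    return set(RESOURCE_RE.findall(html))


def is_external(url: str, trusted_hosts: set) -> bool:
    """Relative URLs are first-party; absolute URLs are external unless their host is trusted."""
    host = urlparse(url).netloc.lower()
    return bool(host) and host not in trusted_hosts


def audit_page(current_html: str, baseline_html: str, trusted_hosts: set) -> dict:
    """Compare a freshly fetched page against its baseline and report what changed."""
    baseline_resources = extract_resources(baseline_html)
    current_resources = extract_resources(current_html)
    new = current_resources - baseline_resources
    return {
        "hash_changed": content_hash(current_html) != content_hash(baseline_html),
        "new_resources": new,
        "removed_resources": baseline_resources - current_resources,
        # The high-signal finding: something new that loads from outside the site.
        "external_new_resources": {u for u in new if is_external(u, trusted_hosts)},
    }


if __name__ == "__main__":
    for label, html in (("baseline", BASELINE_HTML), ("tampered", TAMPERED_HTML)):
        print(label, audit_page(html, BASELINE_HTML, TRUSTED_HOSTS))
```

In practice the baseline would be refreshed whenever the site legitimately changes, and the `external_new_resources` set is the field worth alerting on: a hash mismatch alone fires on every routine content update, while a new off-site script or iframe is the pattern a watering-hole alteration produces.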
Both reports exposing the group’s exploits came on the heels of Dan Coats, President Trump’s director of national intelligence, warning last month that foreign hackers are attempting potentially crippling cyberattacks against critical U.S. infrastructure.
“The warning signs are there. The system is blinking, and it is why I believe we’re at a critical point,” Mr. Coats said July 13.
More recently, Department of Homeland Security officials said last week that suspected Russian state-sponsored hackers had successfully infiltrated American electric utilities in 2016.
“While hundreds of energy and non-energy companies were targeted, the incident where they gained access to the industrial control system was a very small generation asset that would not have had any impact on the larger grid if taken offline,” DHS spokeswoman Lesley Fulop said in a statement last Tuesday.