By Blake Sobczak, E&E News reporter
Last summer, Canadian intelligence officials warned power companies about a menacing cyberthreat to the grid — more than two weeks ahead of their U.S. counterparts.
Hackers had hijacked energy-related websites and were emailing fake resumes to slip past the defenses of electric utilities across North America.
The June 10 bulletin prompted Canadian companies to play cyber defense, blocking employee access to compromised websites while keeping a wary eye out for documents from a fictitious control systems engineer named “Jon Patrick.”
Meanwhile, many of their U.S. peers were left in the dark about the hacking campaign for another 17 days, until a series of nonpublic alerts from the North American Electric Reliability Corp., the Department of Homeland Security and the FBI on June 28.
Experts say the lag time could have allowed the hackers, who were later linked to Russian intelligence services, to claim additional victims in the U.S. power sector. The malicious activity dates back to at least 2016, and in at least one case, attackers were able to reach the control system of a U.S. power generator, according to DHS officials.
“The threat actor had a level of access to be able to cause change, to be able to cause impact to the physical elements of this control system,” Jonathan Homer, chief of the industrial control systems group at DHS’s Hunt and Incident Response Team, said during a webinar Monday, the first in a series of DHS briefings aimed at heading off ongoing attempts to compromise U.S. infrastructure (Energywire, July 24). “They got to the point that they could turn the switches, but they didn’t.”