Russian hackers have infiltrated most of the critical infrastructure in the United States, according to ABC News.
The Department of Homeland Security (DHS) warned last week that “numerous” critical industries might have been compromised, but said it has not yet seen any attempts to “damage, modify, or otherwise disrupt” any computer networks.
Security researchers said it’s part of Russia’s ongoing attempt to poke and prod U.S. networks for vulnerabilities, gathering valuable information about the country’s infrastructure along the way.
“It’s this slow warming of the water, where you don’t know you’re being boiled alive because it’s so slow,” said Darien Kindlund, director of threat research at cyber intelligence firm FireEye.
The software that has been infected with malware potentially controls everything from oil and gas pipelines, to wind turbines and nuclear power plants.
The malware that DHS detected, BlackEnergy, resembles the tools Russian hackers used to attack NATO earlier this year, ABC reported. It might have originally penetrated U.S. systems three years ago.
BlackEnergy was spread through phishing emails pretending to come from an anti-Russian politician in Ukraine, explained Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, which monitors critical infrastructure attacks.
The emails targeted companies with systems running a popular software made by General Electric that facilitates industrial production.
It’s a target, Alperovitch said, “that is interesting and that’s very rare.”
Traditionally, BlackEnergy is associated with Russian cyber criminals, not the government, said security experts. Although the criminal groups might work as contractors for the government, Kindlund explained.
DHS officials speculated to ABC that the goal might have been to leave the malware as a threat to deter the United States from ever attacking Russia.
Alperovitch suspected the impetus was more likely related to cyber espionage.
Kindlund saw it as a possible “staging tactic,” testing “for something larger” down the road.
The attack “seemed to be more of a probing” to see how far the Russians could go with basic malware, said Kindlund, noting that BlackEnergy was merely repurposed from commonly used malware.
“It’s not like they crafted something custom from whole cloth to do this type of attack," he said.
With the type of access the hackers sought, the Russians could tinker with U.S. infrastructure — speeding up wind turbines, for example — but there’s no evidence they would want to.
“We have not seen anything that would suggest that our infrastructure is about to be destroyed,” Alperovitch said.
Kindlund agreed, but was perturbed at the duration of the attack.
“The main issue,” he said, is that the malware was “undetected for so long.”