The U.S. government warned the country’s industrial firms earlier this week about a hacking campaign, which is targeting the nuclear and energy sectors. Officials said in a report that hackers have been constantly trying to compromise the targets’ networks over the past few weeks, highlighting the growing threat of cyber attacks on the power industry.
The U.S. Department of Homeland Security and Federal Bureau of Investigation said in the joint report that hackers had been using infected “phishing” emails to “harvest credentials” to gain unauthorised access to networks of their targets. The report, which revealed that the hackers had succeeded in some of their efforts, did not name any specific victims.
“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the June 28 report, obtained and reviewed by Reuters, said.
The U.S. government report came just days after the emergence of the “NotPetya” virus earlier this week, which affected many organisations in Ukraine before spreading to other countries across the world. NotPetya encrypted files on infected machines, which later resulted in disrupted activity at ports, law firms and factories.
Researchers from two cyber security firms recently said that they had detected the malware used in a December 2016 cyber attack, when hackers caused a power outage in some part of Ukraine’s capital, Kiev. Experts said that the malware, identified as “Industroyer” or “Crash Override” can be used by its creators to launch more attacks while there is also threat from its copycat versions as well.
“Industroyer’s ability to persist in the system and to directly interfere with the operation of industrial hardware makes it the most dangerous malware threat to industrial control systems since the infamous Stuxnet, which successfully attacked Iran’s nuclear programme and was discovered in 2010,” Anton Cherepanov, senior malware researcher at ESET said in a statement.