Cyber Experts Prove the American Power Grid Has Been Hacked
Cyber Experts Prove the American Power Grid Has Been Hacked by Daisy Luther – The Organic Prepper
A report by internet security experts, Symantec, says that a hacking group called Dragonfly 2.0 has gained access to 20 power company networks. The American power grid has been hacked, but for some reason, the culprits restrained themselves from taking down the power like they did in Ukraine recently.
The targets were in the United States, Turkey, and Switzerland. According to Symantec, the hackers did gain access to the interface they would need to control the power equipment, with which they could cause a widespread blackout. Eric Chien, a Symantec security analyst, told Wired:
“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation. We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world.” (source)
While we were all focused on the natural disasters like wildfires and hurricanes looming over us, this report went all but unnoticed by the mainstream and alternative media alike.
How did the hackers get in?
Remember how John Podesta ended up being the victim of a phishing scheme that allowed the Clinton campaign to be hacked? This was pretty much the same thing. The Symantec report explains that this has been going on for a couple of years now, but that activity has sharply increased this year:
Symantec has strong indications of attacker activity in organizations in the U.S., Turkey, and Switzerland, with traces of activity in organizations outside of these countries. The U.S. and Turkey were also among the countries targeted by Dragonfly in its earlier campaign, though the focus on organizations in Turkey does appear to have increased dramatically in this more recent campaign.
As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software.
The earliest activity identified by Symantec in this renewed campaign was a malicious email campaign that sent emails disguised as an invitation to a New Year’s Eve party to targets in the energy sector in December 2015.
The group conducted further targeted malicious email campaigns during 2016 and into 2017. The emails contained very specific content related to the energy sector, as well as some related to general business concerns. Once opened, the attached malicious document would attempt to leak victims’ network credentials to a server outside of the targeted organization.
In July, Cisco blogged about email-based attacks targeting the energy sector using a toolkit called Phishery. Some of the emails sent in 2017 that were observed by Symantec were also using the Phishery toolkit (Trojan.Phisherly), to steal victims’ credentials via a template injection attack. This toolkit became generally available on GitHub in late 2016,
As well as sending malicious emails, the attackers also used watering hole attacks to harvest network credentials, by compromising websites that were likely to be visited by those involved in the energy sector.
The stolen credentials were then used in follow-up attacks against the target organizations. In one instance, after a victim visited one of the compromised servers, Backdoor.Goodor was installed on their machine via PowerShell 11 days later. Backdoor.Goodor provides the attackers with remote access to the victim’s machine…
…Symantec also has evidence to suggest that files masquerading as Flash updates may be used to install malicious backdoors onto target networks—perhaps by using social engineering to convince a victim they needed to download an update for their Flash player. Shortly after visiting specific URLs, a file named “install_flash_player.exe” was seen on victim computers, followed shortly by the Trojan.Karagany.B backdoor.
Typically, the attackers will install one or two backdoors onto victim computers to give them remote access and allow them to install additional tools if necessary. Goodor, Karagany.B, and Dorshel are examples of backdoors used, along with Trojan.Heriplor. (source)