DHS reviewing report Russia-linked hackers targeted U.S. energy

The Department of Homeland Security (DHS) is reviewing a report by a leading cybersecurity company that identifies a sophisticated hacking campaign targeting the U.S. energy sector. 

Symantec on Wednesday attributed the campaign to a hacker group codenamed “Dragonfly,” which has been linked by others to the Russian government. A DHS spokesman confirmed to The Hill that the department is examining the report, though he noted that there is no sign of a public safety threat at this time. 

“DHS is aware of the report and is reviewing it. At this time there is no indication of a threat to public safety,” DHS spokesman Scott McConnell said.

“We continue to coordinate with government and private sector partners to look into this activity and, through our National Cybersecurity and Communications Integration Center, we have released multiple information products to the critical infrastructure community to provide detection and response recommendations to help them secure their networks.”

{mosads}“As always, DHS supports critical infrastructure asset owners and operators who request assistance with intrusions or potential intrusions to their networks,” McConnell said. 

According to Symantec’s research, the hacking campaign, which the company dubbed “Dragonfly 2.0,” dates back to December 2015, but showed an increase in activity in 2017. 

The hackers have been targeting the energy sector in Europe and North America, particularly focusing on networks in the United States, Turkey and Switzerland.

“The Dragonfly 2.0 campaign shows how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems that could be used for more disruptive purposes in the future,” Symantec concluded. 

The FBI and DHS have previously linked the hacker group “Dragonfly,” also known as “Energetic Bear,” to malicious Russian cyber activity targeting the U.S. Symantec linked the newly revealed hacking campaign to Dragonfly based on the malware used by the hacking group in the past, but has not attributed the activity to a particular country. 

Cyberattacks brought down parts of Ukraine’s power grid in 2015 and 2016, stoking fears about the vulnerability of the electric grid to hackers. Russia is widely suspected in the attacks.