FBI warns hackers have developed tools that can access energy facilities’ computer systems

Hackers likely funded by a foreign government have developed software capable of accessing computer systems used by energy facilities – a breach that could ‘disrupt key infrastructure sites’ across the globe- federal officials warned in an advisory Wednesday. 

The technology, officials said, is capable of allowing hackers ‘full system access’ to networks used by the facilities, and ‘disrupt critical devices or functions’ such as road management systems, traffic signal controllers, and security systems.

The bulletin – which did not name the hacking group- was sent jointly by the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Homeland Security, and the Energy Department.

Officials specifically warned about potential disruptions to devices made by companies such as Omron Corp. and Schneider Electric, which both provide energy – including electricity – and automated digital services to millions across the globe. 

The agencies did not indicate in what country the malware had been developed, and referred to the organized group of suspects as ‘advanced persistent threat actors,’ a phrase often used to describe state-backed hackers.

Cybersecurity experts who analyzed the tech said it likely originates from Russia. 

As of Wednesday evening, following news that hackers affiliated with Anonymous leaked more than 900,000 emails from Russia’s premiere state media corporation, there have been no reports of the code being used in any cyberattacks.

However, officials asserted that the hacking tools – which could permit ‘lower-skilled cyber actors to emulate higher-skilled actor capabilities’ – ‘have exhibited the capability to gain full system access to multiple industrial control systems.’

Robert Lee, the CEO of cybersecurity firm Dragos Inc., which analyzed the new technology, called the hackers’ malware ‘highly capable’ on Twitter Wednesday following the federal agencies’ announcement, and said it was worth monitoring due to its destructive capabilities. 

Dragos revealed that his firm, which was enlisted by the federal government to monitor the emerging tech, first became aware of the hackers’ malware in early 2022.

He said that the firm has ‘high confidence’ that a state-sponsored cell developed the technology, ‘with the intent on deploying it to disrupt key infrastructure sites.’ 

Lee added that the company is currently ‘working with our partners the best we can to make sure the community is aware’ of the threat.

Another cyber security firm that analyzed the new tech, Mandiant – a company that rose to prominence in 2013 when it released a report directly implicating China in cyber espionage – agreed that the malware was likely state-sponsored, but said that the strategies implemented by the hackers coincide with attacks previously seen from Russia. 

‘We are unable to associate (the hacking tools) with any previously tracked group at this stage of our analysis, but we note the activity is consistent with Russia’s historical interest’ in industrial control systems, Mandiant staffers said in a statement Wednesday. 

The tools pose ‘the greatest threat to Ukraine, NATO member states, and other states actively responding to Russia’s invasion of Ukraine,’ the analysts asserted of the new tech – which staffers said possesses ‘an exceptionally rare and dangerous cyber attack capability.’ 

In Wednesday’s statement US officials and cybersecurity experts urged organizations to bolster their defenses amid the revelation of the new tech, by isolating their corporate computer networks and using stronger passwords, among other suggestions.  

News of the malware comes as several state-linked hacking groups, including some tied to Russia, China, and Iran, have shown interest in infiltrating industrial computer networks – a task vastly more difficult than hacking a regular business computer network.

The new, threatening technology makes such previously specialized hacks markedly easier, allowing for more attacks. 

In 2009, US and Israeli hackers were reportedly behind a 2009 cyber operation that saw an Iranian nuclear plant’s computer networks compromised.

On Tuesday, Ukrainian authorities accused a Kremlin-linked hacking group of trying to sabotage an electric utility that served roughly 2 million people in Ukraine. 

Ukrainian officials said the attack was unsuccessful and had not affected electricity output by the utility.

The Department of Justice has accused the same Russian hacking group of two power outages in Ukraine in 2015 and 2016 – the only two hacks on record that have successfully caused power outages.