Hackers tied to Russia got dangerously close to knocking out a big chunk of the U.S. power grid last year — and the malware they used is still out there.

The attack, during the early weeks of the Kremlin’s invasion of Ukraine, involved hackers deploying malicious software to try to take down “around a dozen” U.S. electric and liquid natural gas sites, a top cyber executive told POLITICO’s Maggie Miller in a story today. While the Biden administration disclosed the incident at the time, the new information suggests the threat was more acute than U.S. officials divulged.

In a conversation with Power Switch, Maggie said she was most surprised that the full extent of the threat has managed to skate under the radar, despite details of the attack and the malware — known as PIPEDREAM — being public for nearly a year. “It is still in existence and could easily be used in the future,” Maggie said.

Robert M. Lee, the founder and CEO of Dragos Inc., which helps companies respond to cyberattacks, told reporters that last year’s attack was “the closest we’ve ever been” to having U.S. infrastructure go offline. Lee said a coalition of U.S. government and cyber industry groups derailed the effort, but he didn’t disclose how.

The discovery last year came three weeks after President Joe Biden warned that Russia was “exploring options for potential cyberattacks” against the United States. Security researchers have said the PIPEDREAM malware is likely connected to Russia, and Lee asserted that it was definitely the “go-to package” of a country aiming to bring down U.S. infrastructure.

While most malware is designed to target one specific facility, PIPEDREAM can target most industrial systems for critical infrastructure, such as the equipment operating electric grids. That one-size-fits-all feature makes it particularly dangerous.

The new disclosure builds on a decade-high surge in cyber and physical attacks against the U.S. power grid, many of them arising from homegrown — not foreign — threats. Two shootings at Duke Energy Corp. substations in North Carolina knocked out power to 45,000 people in December. A few weeks later, about 14,000 customers in Washington state lost power when someone vandalized four substations. And earlier this month, federal authorities announced they had foiled an attempt by racially motivated extremists to use assault weapons to bring down Baltimore’s electrical grid.

“It has not been a fun or easy year for grid operators,” Maggie said.

Lee told Maggie he expects PIPEDREAM to pop back up one day. Meanwhile, federal regulators are trying to shore up grid security, most recently in a new rule that aims to increase monitoring of important systems.