The New York Times reports:
Cybersecurity officials watched with growing alarm in September as Russian state hackers started prowling around dozens of American state and local government computer systems just two months before the election. The act itself did not worry them so much — officials anticipated that the Russians who interfered in the 2016 election would be back — but the actor did. The group, known to researchers as “Dragonfly” or “Energetic Bear” for its hackings of the energy sector, was not involved in 2016 election hacking. But it has in the past five years breached the power grid, water treatment facilities and even nuclear power plants, including one in Kansas…
September’s intrusions marked the first time that researchers caught the group, a unit of Russia’s Federal Security Service, or F.S.B., targeting states and counties. The timing of the attacks so close to the election and the potential for disruption set off concern inside private security firms, law enforcement and intelligence agencies… American officials described the hackings in an advisory on Thursday as “opportunistic,” rather than a clear attack on election infrastructure, but conceded the group had targeted dozens of state and local systems and stolen data from at least two targets’ servers. “They’re broadly looking to scan for vulnerabilities and they’re working opportunistically,” said Christopher C. Krebs, the director of the Cybersecurity and Infrastructure Security Agency, which issued the warning along with the F.B.I.
That hardly reassured researchers who have tracked Energetic Bear for years. “This appears to be preparatory, to ensure access when they decide they need it,” said Adam Meyers, the head of threat intelligence at CrowdStrike, a security firm that has monitored the group… A disturbing screenshot in a 2018 Department of Homeland Security advisory showed the groups’ hackers with their fingers on the switches of the computers that controlled the industrial systems at a power plant. The group has thus far stopped short of sabotage, but appears to be preparing for some future attack. The hackings so unnerved officials that starting in 2018, the United States Cyber Command, the arm of the Pentagon that conducts offensive cyberattacks, hit back with retaliatory strikes on the Russian grid.
“If that makes any sense to you, you have a big problem.”
— C. Durance, Computer Science 234