U.S. says Russia hacked energy grid, punishes 19 for meddling
Pushing back harder on Russia, the Trump administration accused Moscow on Thursday of a concerted hacking operation targeting the U.S. energy grid, aviation systems and other infrastructure, and also imposed sanctions on Russians for alleged interference in the 2016 election.
It was the strongest action to date against Russia by the administration, which has long been accused of being too soft on the Kremlin, and the first punishments for election meddling since President Donald Trump took office. The sanctions list included the 13 Russians indicted last month by special counsel Robert Mueller, whose Russia investigation the president has repeatedly sought to discredit.
U.S. national security officials said the FBI, Department of Homeland Security and intelligence agencies had determined that Russian intelligence and others were behind a broad range of cyberattacks beginning a year ago that have infiltrated the energy, nuclear, commercial, water, aviation and manufacturing sectors.
The officials said the Russian hackers chose their targets, obtained access to computer systems, conducted “network reconnaissance’’ of systems that control key elements of the U.S. economy and then attempted to cover their tracks by deleting evidence of their infiltration. The U.S. government has helped the industries kick out the Russians from all systems currently known to have been penetrated, according to the officials, but the efforts continue. The officials, who briefed reporters on condition of anonymity to discuss sensitive national security information, left open the possibility of discovering more breaches, and said the federal government was issuing an alert to the energy industry to raise awareness about the threat and improve preparation.
That alert, published online by Homeland Security, said the hacking effort was a “multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks’’ to gain access and plant malware, which was then used to monitor activity as well as to move laterally into other, larger industrial control systems.