Russia-linked hackers hit energy firms on polling day
BRITAIN’S energy companies were hacked on the day of the general election by computer criminals believed to have been backed by Russia.
In a report sent to the energy sector, GCHQ said that companies “are likely to have been compromised” in the wake of the June 8 attack.
The report accuses “state-sponsored hostile threat actors” of being responsible for the cyber attack, which may also have targeted water companies and the manufacturing industry.
The document does not name Russia, but experts have told The Daily Telegraph they believe the Kremlin was behind the incident and that it singled out engineers in power plants and the electricity supply network.
The attempt to infiltrate Britain’s energy network and other elements of “critical national infrastructure” is not thought to have caused disruption. But intelligence agencies fear that the hackers were harvesting information that could bring the supply network to its knees.
In December 2015, almost 250,000 people were without electricity for up to six hours after a cyber attack blamed on Russia. It was the first known successful cyber attack on a power grid.
The general election attack is thought to be linked to the targeting of Ireland’s Electricity Supply Board by a group backed by Moscow’s GRU intelligence agency. The Kremlin has denied responsibility. American energy, nuclear and manufacturing firms were also hit last month.
The report by GCHQ’S National Cyber Security Centre (NCSC) was circulated to critical infrastructure companies involved in the energy and manufacturing sectors and leaked to Motherboard, a respected technology website. The report states that “the NCSC is aware of … advanced statesponsored hostile threat actors, who are known to target the energy and manufacturing sectors”. It goes on to say: “NCSC believes that due to the use of widespread targeting by the attacker, a number of Industrial Control System engineering and services organisations are likely to have been
compromised.” The NCSC admits the reason for the attack is unclear but alleges that state-sponsored hackers have previously targeted the energy sector for espionage “or for preparation of conflict”. That is thought to refer to Russia’s military intervention in Ukraine which began in 2014.
The report says that these organisations are part of the supply chain for British critical national infrastructure, and some are likely to have remote access to critical systems.
The hackers attempted to access computer systems by creating fake emails and websites to lure workers into handing over sensitive passwords. They also tried to exploit vulnerable ways into networks in an attack possibly using a similar method to the one used to bring down the NHS in May.
Benjamin Read, a security analyst at Fireeye who specialises in tracking nation state hackers, said: “The activity is consistent with what we’ve seen from Russia-based groups in the past but we don’t have a hard link. In the past other Russian actors operating in Ukraine shut off the plants and cut power to parts of Kiev. The attack seems to focus on engineers who work with big, complex power plants and power distribution.”
The NCSC said: “We are aware of reports of malicious cyber activity targeting the energy sector. We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK.”
A senior Whitehall security official said: “Russia poses a direct threat to the security of the UK. Protecting our national infrastructure from attacks must be a key priority in the Government’s efforts to defend the realm.”
The National Grid said it had in place “robust systems” to protect the national power supply. A spokesman said: “The systems we use to operate gas and electricity networks are isolated from everyday business systems to ensure our networks remain safe and reliable.”