Re: More detail please
There is no more detail right now – just a strategic exclusive briefing by Homeland Sec officials with the WSJ.
[ Edit: There's more detail here ]
Presumably the equipment suppliers have access to the utilities' networks so they can provide remote support. That's one way in. The other way is to hack vendors, infect devices, wait for them to be shipped to power plants. Phone home, somehow.
Relevant bits from the Journal:
"The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, 'air-gapped' or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.
"The cyber-attack, which surfaced in the U.S. in the spring of 2016 and continued throughout 2017, exploited relationships that utilities have with vendors who have special access to update software, run diagnostics on equipment and perform other services that are needed to keep millions of pieces of gear in working order.
"The attackers began by using conventional tools—spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites—to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity.
"Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks."
C.
Biting the hand that feeds IT
