North Korean Hackers Targeted U.S. Electric Firms: Report

Hackers likely affiliated with the North Korean government seem to lack the ability to disrupt the U.S. power supply, according to a new report from FireEye.

The state-sponsored actors conducted a reconnaissance attack against electric companies in the United States on Sept. 22, 2017, via spear-phishing emails, but the incident did not lead to a disruption, the security company reports.

In fact, no evidence was found that North Korea-linked actors would even have the capability to compromise or manipulate the industrial control systems (ICS) networks that regulate the supply of power.

Attacks targeting the energy sector aren’t new, and FireEye says it has detected “more than 20 cyber threat groups suspected to be sponsored by at least four other nation-states attempting to gain access to targets in the energy sector that could have been used to cause disruptions.”

Given the current tensions with North Korea, the attacks should come as no surprise.

Utility executives worldwide fear that cyber-attacks could cause disruptions to electric distribution grids. To improve the resilience and security of critical energy infrastructure, the United States Department of Energy announced last month plans to invest over $20 million in cyber security.

Last month, Symantec warned of Russian hackers hitting the energy sector in the United States and other countries with a focus on gaining access to control systems. Iranian-backed cyber espionage actors were observed targeting energy organizations too, and so were Chinese hackers last year.

While North Korea-linked hackers were accused of targeting South Korea’s nuclear power plants operated by Korea Hydro and Nuclear Power (KHNP), the attack apparently focused on stealing sensitive KHNP documents, “as part of an effort to exaggerate the access they had and embarrass the South Korean Government,” FireEye says.

The technique is apparently used by the North Korean government either to instill fear or to meet domestic propaganda purposes. Cyber actors linked to the country, however, don’t appear to possess the ability to take the technical and operational steps required in attacks aimed at disrupting energy sector operations.

The spear-phishing activity observed last month “was early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyber-attack that might take months to prepare if it went undetected (judging from past experiences with other cyber threat groups),” the security researchers point out.

The suspected North Korean actions are supposedly part of an attempt to demonstrate a deterrent capability rather than the first stages of a larger attack. “For North Korea, even limited compromise of power companies would probably be exaggerated and hailed as a victory by Pyongyang,” FireEye says.

On the other hand, an increasing number of nation-states are developing the capability to disable the operations of power utilities. Moreover, because North Korea-linked actors are bold, they likely remain committed to targeting the energy sector, especially in South Korea and among the U.S. and its allies, the researchers believe.

These actors have already been associated with various cyber-attacks this year, including one targeting South Korea’s wartime operational plans, and several hitting crypto-currency exchanges, possibly in an attempt to bolster finances. Hackers with ties to North Korea were also deemed a serious threat to banks earlier this year.

“North Korea linked hackers are among the most prolific nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide. Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback,” FireEye concludes.

“It doesn’t seem like a phishing attack deserves too much attention these days – especially one that was unsuccessful in penetrating target networks,” Eddie Habibi, CEO of PAS Global, told SecurityWeek. “The fact that it was North Korea isn’t a big surprise nor that power was in the crosshairs. What is worth noting is that as tensions continue to rise with North Korea, we should expect the intensity of cyber attacks aimed at U.S. critical infrastructure to rise as well.”

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
