Attackers Keep Targeting the US Electric Grid

We at WIRED have written plenty about the threat that cyberattacks pose to power grids worldwide. But lately, the most significant attacks on electrical systems have demonstrated that hacking is hardly necessary when physical destruction and sabotage are an option: Just as Russia’s invasion force in Ukraine has systematically destroyed electrical infrastructure to cause vast blackouts across the country, a mysterious and continuing series of physical attacks have hit power utilities in the American southeast—and in one case, have caused an extended outage for tens of thousands of people.

We’ll get to that. In the meantime, though, the cyber news we’ve reported on hasn’t exactly let up this week: Apple added end-to-end encryption for its iCloud backups, while also officially nixing its plan to hunt for child sexual abuse materials in iCloud and reopening a long-running rift with the FBI. Payroll and HR services provider Sequoia admitted to a data breach that included users’ Social Security numbers. A study of cybercrime forums revealed a trend of scammers scamming scammers. And we looked at how the Twitter Files will fuel conspiracy theorists, how technology is contributing to UK authorities creating a “hostile environment” for immigrants, and security and privacy concerns around the Lensa AI portrait app.

But there’s more. Each week, we highlight the security news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories.

When shootings at two electrical substations in North Carolina left 40,000 customers without power for days, the incident seemed like an isolated—if bizarre and troubling—case. But this week, the same utility, Duke Energy, reported gunfire at another facility, a hydroelectric power plant in South Carolina. And combined with two more incidents of hands-on sabotage of US power facilities that occurred in Oregon and Washington in October and November, the vulnerability of the US grid to old-fashioned physical harm has begun to seem like a serious threat.

No damage seems to have occurred in the South Carolina case, and in the earlier incidents in Washington, the utilities involved described the cases as “vandalism.” But the intruders in Oregon carried out a more deliberate attack, cutting through a perimeter fence and damaging equipment, according to the Oregon utility, causing a “brief” power outage in one case. And in yet another, separate collection of incidents, Duke Energy saw half a dozen “intrusions” at substations in Florida, according to documents seen by Newsnation. Federal law enforcement is investigating the cases.

The incidents are reminiscent of another strange, isolated attack on the California power grid in 2015, when a sniper fired on an electrical substation and triggered a blackout to parts of Silicon Valley along with $15 million in damage. These newer cases, while still relatively small in scale, show just how disturbingly vulnerable the American power grid remains to relatively simple forms of sabotage.

The state-sponsored Chinese hacker group APT41 has long carried out a rare mix of cyberespionage and cybercrime. The group, linked in a 2020 US indictment to a company called Chengdu 404 working as a contractor for China’s Ministry of State Security, has been accused of moonlighting as for-profit thieves and even deploying ransomware. Now, NBC News reports that the Secret Service believes APT41 went so far as to steal $20 million from US Covid relief funds—state-sponsored hackers stealing money from the US government itself. About half of the stolen funds were reportedly recovered. But a hacker group on the Chinese government payroll stealing from US federal coffers represents a far more brazen form red-line crossing than even APT41’s previous exploits.

The Met Opera announced earlier this week that it was hit with an ongoing cyberattack that took down its website and online ticketing system. Given that the Met Opera sells $200,000 in tickets a day, the losses from the disruption could do serious harm to one of New York’s major cultural institutions. As of Friday afternoon, the website remained offline, and its administrators had moved ticket sales to a new site. The New York Times, in its reporting on the attack, pointed out that the Met Opera had been critical of Russia’s war in Ukraine—going so far as to part ways with its Russian soprano singer—but there’s still no real explanation of the attack.

Cybersecurity firm ESET this week pinned responsibility for a campaign of data-destroying malware attacks targeting the diamond industry on a hacker group it calls Agrius, which has been previously linked to the Iranian government. The attackers hijacked the software updates of an Israeli-made diamond industry software suite to deploy the wiper malware, which ESET calls Fantasy, in March of this year. As a result, it hit targets not only in Israel but others as far-flung as a mining operation in South Africa and a jeweler in Hong Kong. Although Iranian cyberattacks on Israeli targets are certainly nothing new, ESET’s researchers’ writeup doesn’t speculate on the attack’s motivation.

Source

Author: showrunner