North Korean Hackers Hit U.S. Electric Companies with Spear Phishing Attacks

FireEye researchers recently reported that spear phishing emails were sent to U.S. electric companies on September 22, 2017 by cyber attackers affiliated with the North Korean government.

The emails offered fake invitations to a fundraiser, NBC News reports. Anyone who opened an attachment to view the invitation also downloaded malware.

According to the researchers, the attacks appeared to be early-stage reconnaissance and not an indication of any imminent disruptive attack. What’s more, the researchers said there’s no evidence that North Korean hackers yet have the ability to manipulate or disrupt energy sector operations.

“Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension,” the researchers wrote.

Over two years ago, North Korean hackers released sensitive data on South Korean nuclear power plants after sending almost 6,000 phishing emails to Korea Hydro and Nuclear Power employees in December 2014. “This incident did not demonstrate the ability to disable operations,” the FireEye researchers noted.

Still, the researchers wrote that North Korea-linked hackers are bold and “likely remain committed to pursuing targets in the energy sector, especially in South Korea and among the U.S. and its allies, as a means of deterring potential war or sowing disorder during a time of armed conflict.”

“North Korea-linked hackers are among the most prolific nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide,” the researchers wrote. “Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback.”

Expect More Attacks

Eddie Habibi, CEO of PAS Global, told eSecurity Planet by email that as tensions continue to rise between the U.S. and North Korea, we should expect the intensity of cyber attacks on U.S. critical infrastructure to rise as well.

And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it’s not well prepared for the consequences of attacks that provide the attackers with “access to the process control networks where you find systems that control volatile processes or ensure worker safety.”

“These systems are often 15 or 20 years old and consequently do not adhere to today’s secure by design principles,” Habibi said. “They are also not visible to security personnel, which makes detecting and reacting sufficiently to compromise difficult at best. Exploiting these systems can lead to loss of production, shareholder value, and even life under certain circumstances.”

A recent Accenture survey of more than 100 utility executives from over 20 countries found that 63 percent of respondents worldwide, and 76 percent of those in the U.S., believe their country faces at least a moderate risk of its electricity supply being interrupted by a cyber attack within the next five years.

Only 6 percent of respondents feel extremely well-prepared, and 48 percent feel well-prepared, to restore normal grid operations following a cyber attack.

“Attacks on industrial control systems could disrupt grid reliability and the safety and well-being of employees and the public,” Accenture Transmission and Distribution managing director Stephanie Jamison said in a statement.

Still, more than 40 percent of respondents said cyber security risks are not integrated or are only partially integrated into their broader risk management processes.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
