No power
In December 2015, almost a quarter of a million people were left without electricity for up to six hours after a cyber attack blamed on Russia. It was the first known successful cyber attack on a power grid.
The June 8 attack on the UK is thought to be linked to the targeting of Ireland’s Electricity Supply Board by a group backed by Moscow’s GRU intelligence agency. The Kremlin has denied responsibility.
Hostile threat actors
US energy, nuclear and manufacturing firms were also hit last month.
The report by GCHQ’s National Cyber Security Centre (NCSC) was circulated to critical infrastructure companies involved in the energy and manufacturing sectors and leaked to Motherboard, a respected technology website.
The report states that “the NCSC is aware of... advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors”.
It goes on to say: “NCSC believes that due to the use of wide-spread targeting by the attacker, a number of Industrial Control System engineering and services organisations are likely to have been compromised.”
The cyber attack targeted organisations “critical” to the UK’s national infrastructure.
The NCSC admits the reason for the attack is unclear but alleges that state-sponsored hackers have previously targeted the energy sector for espionage “or for preparation of conflict”.
That is thought to refer to Russia’s military intervention in Ukraine which began in 2014.
The report says that these organizations are part of the supply chain for UK critical national infrastructure, and some are likely to have remote access to critical systems.
Fake emails
The hackers attempted to access computer systems by creating fake emails and websites to lure company workers into handing over sensitive passwords. They also tried to exploit vulnerable ways into computer networks in an attack possibly using a similar method to the one that allowed cyber criminals to bring down the NHS in May.
Benjamin Read, a security analyst at FireEye who specialises in tracking nation state hackers, said: “The activity is consistent with what we’ve seen from Russia-based groups in the past but we don’t have a hard link."