The Russian connectionU.K. energy firms hacked by Russian government hackers: U.K. spy agency

Published 19 July 2017

A leaked U.K. government memo says that in the wake of the 8 June general election, the U.K. energy industry is “likely to have been compromised” by Russian government hackers. The report, produced by the National Cyber Security Centre (NCSC) – the British equivalent of the U.S. NSA — warns that the British intelligence service had spotted connections “from multiple U.K. IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors.”

Russian government hackers hacked the U.K.’s energy sector on the day of the General Election.

A leaked U.K. government memo says that in the wake of the 8 June general election, the U.K. energy industry is “likely to have been compromised” by state-sponsored hackers.

The report, produced by the National Cyber Security Centre (NCSC) – the British equivalent of the U.S. NSA — warns that the British intelligence service had spotted connections “from multiple U.K. IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors.”

Technology website Motherboard had received a copy of the NCSC report from an anonymous source inside the U.K. energy industry.

An industry source told the Telegraph that the attacks had targeted Industrial Control System engineering and services firms — companies which are responsible for the computerized control of power stations and other energy infrastructure.

A number of the hacked firms have remote access to critical systems at energy facilities, the NCSC report says.

The NCSC warned that the hackers have also been targeting other sectors of the economy, focusing on engineering, industrial control, and water companies. 

The NCSC report notes that the recent wave of cyberattacks by Russian government hackers began around 8 June, which was election day. The British intelligence agency says the motivation behind the cyberattack was not clear, but experts note that Russian government hackers have recently hacked many nodes of the U.S. nuclear power industry:

The report says: “The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors.

NCSC believes that due to the use of wide-spread targeting by the attacker, a number of Industrial Control System engineering and services organizations are likely to have been compromised.”

The NCSC refused to confirm or deny the existence of the leaked report. The agency released a statement to the media, saying: “We are aware of reports of malicious cyber-activity targeting the energy sector around the globe.

“We are liaising with our counterparts to better understand the threat and continue to manage any risks to the UK.” 

The Times  reports that in recent days, Russian government hackers have attacked Ireland’s power grid.

Irish security experts told the newspaper that the Russian government hackers tried to infiltrate the control systems of the Irish Republic’s power infrastructure by targeting senior engineers at the country’s Electricity Supply Board. These engineers were hit with a phishing email last month, which tried to trick them into downloading malicious software.

Security analysts worry that the Russian hackers could have stolen sensitive information, such as top-secret passwords, which they can later use to access and disrupt the Irish power systems.

On 7 July, DHS and the FBI issued a joint report alerting the U.S. nuclear power industry to the sustained hacking attempts by the Russian hackers.