U.S. sanctions Russia over attempts to hack energy grid, NotPetya

The Trump administration announced Thursday sanctions against Russian entities for a multitude of actions, including meddling in the 2016 presidential election, the NotPetya attack and persistent attempts to break into the U.S. energy grid.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned five entities and 19 individuals with ties to the Kremlin, including high-ranking officials in Russia’s Federal Security Service (FSB) and Main Intelligence Directorate (GRU).

“The administration is confronting and countering malign Russian cyber activity, including their attempted interference in U.S. elections, destructive cyber-attacks, and intrusions targeting critical infrastructure,” said Treasury Secretary Steven Mnuchin.  “These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia.”

Senior administration officials say that a number of those sanctioned are responsible for attempts to breach industrial control systems tied to the U.S. energy grid. Officials say attackers conducted a “multi-stage campaign” where they penetrated power company IT networks through spearphishing and watering-hole domains. The attacks, according to officials, moved laterally inside the network in order to conduct reconnaissance and gain more info on ICS systems.

The intrusions aimed at the energy grid, which include the targeting of various American companies, are part of a at least two year long operation run by Russian GRU hackers. Beginning in March 2016, or possibly earlier, these hackers began to send phishing emails and used other techniques to penetrate into the networks of critical infrastructure providers, like U.S.-based energy, nuclear, water and manufacturing plants. DHS described it as a “multi-stage intrusion campaign.”

DHS officials say the breaches appear limited to the business network side of the affected critical infrastructure companies, meaning that the hackers have yet to manipulate the actual control systems which manage physical hardware. This distinction is important because it explains how the hackers may be sitting at a red line, possibly waiting to do further damage.

“We did not see them cross into the control networks,” DHS cybersecurity official Rick Driggers told reporters Thursday. “We know that there is intent there.”

Other sanctions were past against a list of people who are linked to the Internet Research Agency, a group responsible for filling social media networks with election-related propaganda during the 2016 presidential election. A number of those sanctioned were also recently indicted by Special Counsel Robert Mueller.

“Russia’s behavior is continuing to trouble us and we will press back in meaningful ways,” a senior administration official said.