North Korean hackers targeted US electric companies: Cybersecurity firm

FireEye says its devices "detected and stopped" spear phishing emails sent to US electric companies by known cyber threat actors "likely affiliated with the North Korean government" last month.

File photo of a US power grid. AFP/LOIC VENANCE

SINGAPORE: Hackers "likely affiliated with the North Korean government" tried to send spear phishing emails to US electric companies last month, according to a report by cybersecurity firm FireEye.

In its report on Tuesday (Oct 10), FireEye said its devices "detected and stopped" the emails, which were sent on Sep 22 this year. According to a separate report by NBC, the emails used fake invitations to a fundraiser to target victims, and a victim who downloaded the invitation attached to the email would also be downloading malware to the computer network.

The US cybersecurity firm added that the activity was "early-stage reconnaissance" and not necessarily indicative of an imminent, disruptive cyberattack that might take months to prepare if it went undetected. It had previously detected groups it suspected of being affiliated with the North Korean government compromising electric utilities in South Korea, but "these compromises did not lead to a disruption of the power supply", the report noted.

"We have not observed suspected North Korean actors using any tool or method specifically designed to compromise or manipulate the industrial control systems (ICS) networks that regulate the supply of power," FireEye said.

"Furthermore, we have not uncovered evidence that North Korean linked actors have access to any such capability at this time."

The company also pointed out that the few examples of disruptions to energy sector operations that were caused by online operations required additional technical and operational steps that "these North Korean actors do not appear to have taken or have shown the ability to take".

In December 2015, Prykarpattyaoblenergo, a power company in western Ukraine, suffered an outage that left 700,000 people and half the homes in the Ivano-Frankivsk region of Ukraine without electricity for several hours. A separate Ukrainian power distributor, Ukrenergo, was hit by a cyberattack in June this year, but it did not affect the country's power network.

FireEye indicated that the number of nation states developing the capability to disable the operations of power utilities has increased in recent years.

For North Korea in particular, the cybersecurity company said even small compromises of power companies "would probably be exaggerated and hailed as a victory by Pyongyang".

The report came on the same day the Chosun Ilbo daily said North Korean hackers stole hundreds of classified military documents from South Korea, including detailed wartime operational plans involving its US ally. Mr Rhee Cheol-hee, a lawmaker for the ruling Democratic party, said the hackers broke into the South's military network in September last year and gained access to 235 gigabytes of sensitive data, it said.

The report comes amid heightened fears of conflict on the Korean peninsula, fuelled by US President Donald Trump's continued threats of military action against Pyongyang to tame its weapons ambitions.

Source: CNA/kk