Symantec first reported on a hacking campaign by the state-sponsored group Dragonfly targeting dozens of victims in the US energy sector in 2017.
But this is the first time the DHS has provided detailed information about an incident in an unclassified setting and said the hack affected “hundreds of victims”.
Attacks began in 2016 and continued through 2017, and DHS officials said it’s likely the campaign is still ongoing.
By first penetrating the networks of power companies’ trusted vendors, hackers for Dragonfly, also known as Energetic Bear, were able to access utility networks, The Wall Street Journal reported Monday, citing officials at the DHS.
Russians used email phishing scams and fake websites to gain access to corporate networks.
“They got to the point where they could have thrown switches” and caused power outages, said Jonathan Homer, chief of industrial-control-system analysis for DHS.
Experts told The Journal it was unclear whether the attack was done in isolation or in preparation for a larger operation.
The DHS confirmation comes amid increasingly tense relations between Moscow and Washington.
Earlier this month, 12 Russian intelligence agents were indicted in relation to the hacking of the Democratic National Committee before the 2016 US election.
This article was originally published by Business Insider.
More from Business Insider: