What Happens When Russia Uses A Basic Phishing Scam On The U.S.?

U.S. officials reveal Russian hackers used the most conventional phishing tools while targeting hundreds of U.S. utilities in 2017. These scamming tools tricked hundreds of staffers into revealing passwords with massive levels of access. The 2017 attack involved Russian hackers targeting critical industries. In the past, Russian has primarily targeted the energy sector but has also messed with the nuclear, aviation, and critical manufacturing sectors.

Indications are that the hackers were looking for reconnaissance The Associated Press reports, “The Russians targeted mostly the energy sector but also nuclear, aviation, and critical manufacturing,” says Jonathan Homer, head of Homeland Security’s industrial control system analysis. They had the capability to cause mass blackouts but chose not to, and there was no threat the grid would go down, the officials said. Instead, the hackers appeared more focused on reconnaissance.”

The larger attack, which also prompted a rebuke from the Trump administration, was targeted at all kinds of organizations. Among the victims were big organizations with advanced security networks as well as small companies who found it difficult to allocate budgets for cybersecurity. The Russian hackers had targeted vendors mostly because they had direct access to the utilities.

The AP report further says, “The newly disclosed details of the 2017 hack come amid growing concerns over Russia’s efforts to interfere in the November midterm elections and the recent indictments of a dozen Russian military intelligence officers accused of infiltrating the Clinton presidential campaign and the Democratic Party and releasing tens of thousands of private communications.”

The U.S had already given out statements about the attacks. The AP report, dated 25 July 2018, further says, “U.S. national security officials previously said they had determined that Russian intelligence and others were behind the cyberattacks. They said the hackers chose their targets methodically, obtained access to computer systems, conducted “network reconnaissance” and then attempted to cover their tracks by deleting evidence of the intrusions. The U.S. government said it had helped the industries expel the Russians from all systems known to have been penetrated. It wasn’t clear if more had been compromised since news of the attack was made public earlier this year. Wednesday’s briefing was intended to help businesses defend themselves from future attacks.”

Jonathan Homer stated the hacking attack began with a single breach in 2016; it was after staying dormant for almost a year that the hackers started other infiltrations, which happened “…in concentric circles closer and closer to the U.S. Systems”.

The Russian hackers had used conventional phishing tools to carry out the attacks. They had duped people into downloading information from company websites (photos, other data etc) and had also tricked people into entering passwords on some spoofed websites. These passwords helped the hackers compromise networks of many organizations.

A very notable thing is that since the hackers had used real credentials of actual employees to get access to the hacked networks, many organizations/companies that were attacked might still be unaware that their networks have been compromised.