US officials warned Wednesday that unnamed hackers have developed tools designed to “gain full system access” to the sensitive computer systems used to operate energy facilities.
The tools could help a hacker burrow into an industrial computer network and “disrupt critical devices or functions,” said the Department of Energy, the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency in an advisory.
There are no reports of the malicious code being used in cyberattacks. But US officials and cybersecurity experts urged organizations to harden their defenses because the malicious software could be used to disrupt critical infrastructure if successfully deployed.
The hacking tools could permit “lower-skilled cyber actors to emulate higher-skilled actor capabilities,” the US agencies said.
The agencies did not identify who was responsible for developing the hacking tools or in what country they had been developed. CNN has requested comment from the agencies.
Two US cybersecurity firms that analyzed the hacking tools, Dragos and Mandiant, said the malicious software was likely state-sponsored. Mandiant analysts called it “an exceptionally rare and dangerous cyber attack capability.”
“We are unable to associate (the hacking tools) with any previously tracked group at this stage of our analysis, but we note the activity is consistent with Russia’s historical interest” in industrial control systems, Mandiant analysts said. The tools pose “the greatest threat to Ukraine, NATO member states, and other states actively responding to Russia’s invasion of Ukraine,” the analysts added.
For years, multiple state-linked hacking groups, including some tied to Russia, China and Iran, have taken an interest in infiltrating industrial computer networks. Doing so generally takes specialized knowledge and skill that is different from hacking a business computer network.
For their part, US and Israeli hackers were reportedly behind the 2009 cyber operation against an Iranian facility for nuclear energy.
Ukrainian authorities on Tuesday accused a hacking group linked with Russian military intelligence of trying to sabotage an electric utility that served about 2 million people in Ukraine. Ukrainian officials said the attack had been thwarted and had not affected the provision of electricity at the utility.
The Justice Department has blamed the same Russian hacking group for causing power outages in Ukraine in 2015 and 2016. Those cyberattacks are the only two hacks on record that have successfully caused power outages, according to analysts.