The FBI is investigating a hacking campaign that targeted more than a dozen U.S. utilities, some of which are located near critical infrastructure. According to The Wall Street Journal, researchers at a Silicon Valley cybersecurity company discovered the cyberattack attempts. The FBI has contacted some of the utilities and provided information so that they can scan their computer networks to see if firewalls have been breached.
The impacted utilities operate in 18 states from Maine to Washington, including Cloverland Electric Cooperative in Michigan, Klickitat Public Utility District in Washington state and Basin Electric Power Cooperative in North Dakota.
The hackers sent phishing emails to the utilities’ employees in an attempt to get malware — dubbed “Lookback” — installed on computers. Attackers briefly identified intended targets on an exposed server in Hong Kong. Of the 11 utilities named, none said that they were breached, but about half said they had been warned by the FBI. Executives of Wisconsin Rapids Water Works and Lighting Commission said an FBI agent contacted the company in early October about being a potential target earlier in the year.
“It turned out the reason they were contacting us was because we had been probed in January, and again in March,” by someone testing the utility’s firewalls from Hong Kong, said Matt Stormoen, the utility’s information systems administrator. He added that the company now blocks emails from Hong Kong. “We never got compromised, and never saw the phishing emails,” he said.
Ted Cash, general manager of ALP Utilities in Minnesota, revealed that his employees “found a quarantined email in a restricted account” after being contacted by the FBI. The email was then downloaded onto a disk and sent to the FBI for analysis.
Gary Huhta, general manager of Cowlitz Public Utility District in Washington state, said his staff didn’t know anything about Lookback until the FBI contacted the company about a possible breach in July. Luckily, analysis showed no malicious emails had entered the utility’s network.