“At the CyberwarCon forum in Washington, DC on Wednesday, researchers from threat intelligence firm FireEye noted that while the US grid is relatively well-defended, and difficult to hit with a full-scale cyberattack, Russian actors have nonetheless continued to benefit from their ongoing vetting campaign. ‘There’s still a concentrated Russian cyber espionage campaign targeting the bulk of the US electrical grid,’ FireEye analyst Alex Orleans says. ‘The grid is still getting hit.’ FireEye calls the Russia-linked hacking group that has been targeting the US grid ‘TEMP.Isotope.’ It’s also known as Dragonfly 2.0, or Energetic Bear. The group mostly uses generic hacking tools and techniques created by other actors—a strategy known as ‘living off the land’—to minimize development time and costs, while also making it harder to identify and track its movements. But TEMP.Isotope has also created at least one custom system backdoor, and often uses spearphishing and infected websites to compromise targets. And the group has brought these tools to bear against the US grid in a patient and methodical way.”
Source: Russian Hackers Haven’t Stopped Probing the US Power Grid | WIRED