Energy firms 'hacked on UK election day'

'State-sponsored' cyber attackers may have harvested usernames and passwords

National spy agency GCHQ has warned energy companies that they were "likely to have been compromised" in cyber attacks on 8 June while the UK held its election, the Daily Telegraph reports, citing a leaked report.

Although there is mention of "state-sponsored" cyber attacks, GCHQ did not explicitly name the state thought to be responsible. Experts told the Telegraph they believed that "the Kremlin was behind the attack".

Water companies and the manufacturing industry may also have been compromised, the GCHQ report says. No immediate disruption was caused.

The reports come after news that Russian hackers targeted the Republic of Ireland’s energy sector last month intending to infiltrate control systems. This would have allowed them to knock out parts of the power grid in Northern Ireland, The Times reports.

Senior engineers at Ireland’s Electricity Supply Board were targeted by a group understood to have ties to the Kremlin’s GRU intelligence agency. The hackers sent emails to staff that contained malicious software, The Times says.

Motherboard, a division of Vice News that has also seen the GCHQ report, said it was issued "after the FBI and Homeland Security warned hackers had targeted US energy firms too".

Motherboard says the UK attack may have been designed not to disrupt, but to harvest usernames and passwords. "Specifically with the intrusions reported in the NCSC [National Cyber Security Centre] document, the infrastructure in organizations is connecting to a set of malicious IP addresses using SMB, a data transfer protocol, as well as HTTP," the GCHQ document said, according to Motherboard.

"The report suggests that the hackers may be trying to capture victims' passwords, and provides a set of mitigations for victims, such as turning on multi-factor authentication for industrial systems."
