Energy firms 'hacked on UK election day'
'State-sponsored' cyber attackers may have harvested usernames and passwords
National spy agency GCHQ has warned energy companies that they were "likely to have been compromised" in cyber attacks on 8 June while the UK held its election, the Daily Telegraph reports, citing a leaked report.
Although there is mention of "state-sponsored" cyber attacks, GCHQ did not explicitly name the state thought to be responsible. Experts told the Telegraph they believed that "the Kremlin was behind the attack".
Water companies and the manufacturing industry may also have been compromised, the GCHQ report says. No immediate disruption was caused.
The reports come after news that Russian hackers targeted the Republic of Ireland’s energy sector last month intending to infiltrate control systems. This would have allowed them to knock out parts of the power grid in Northern Ireland, The Times reports.
Senior engineers at Ireland’s Electricity Supply Board were targeted by a group understood to have ties to the Kremlin’s GRU intelligence agency. The hackers sent emails to staff that contained malicious software, The Times says.
Motherboard, a division of Vice news that has also seen the GCHQ report, said it was issued "after the FBI and Homeland Security warned hackers had targeted US energy firms too".
Motherboard says the UK attack may have been designed not to disrupt, but to harvest usernames and passwords. "Specifically with the intrusions reported in the NCSC [National Cyber Security Centre] document, the infrastructure in organizations is connecting to a set of malicious IP addresses using SMB, a data transfer protocol, as well as HTTP," the GCHQ document said, according to Motherboard.
"The report suggests that the hackers may be trying to capture victims' passwords, and provides a set of mitigations for victims, such as turning on multi-factor authentication for industrial systems."