Russia-Ukraine Agreement on Power Plant Attacks Possible

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

A hacker collective known for attacking industrial companies around the world have had some of their infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid targeting critical infrastructure, for the main purpose of stealing valuable data from victim systems.

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.

#google#

Kaspersky Lab said that the servers it has compromised are not just limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014 CrowdStrike claimed that the ‘Energetic Bear’ group was also tracked in Symantec's Dragonfly research and had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants that underscored the campaign, and there was evidence that these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia in a condemnation of Russian grid hacking of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Related News

• Electricity Forum News

• Grid Technologies News

Maine Climate Council Act targets 80% renewable power by 2030 and 100% by 2050, slashing greenhouse gas emissions via clean electricity, grid procurement, long-term contracts, wind and hydro integration, resilience planning, and carbon sequestration.

Key Points

A Maine policy forming a Climate Council to reach 80% renewables in 2030 100% in 2050 and cut greenhouse gas emissions.

✅ 80% renewable electricity by 2030; 100% by 2050.

✅ 45% GHG cut by 2030; 80% by 2050.

✅ Utility procurement authority for clean capacity and energy.

The winds of change have shifted and are blowing Northward, as Maine’s Governor, Janet T. Mills, has put forth an act establishing a Climate Council to guide the state’s consumption to 80% renewable electricity in 2030 and 100% by 2050, echoing New York's Green New Deal ambitions underway.

The act, LR 2478 (pdf), also sets a goal of reducing greenhouse gas emissions by 45% in 2030 and 80% by 2050. The document will be submitted to the state Legislature for consideration.

The commission would have the authority to direct investor owned transmission and distribution utilities to run competitive procurement processes, and enter into long-term contracts for capacity resources, energy resources, renewable energy credit contracts, and participate in regional programs, as these all lead toward the clean electricity and emissions-reducing goals that mirror California's 100% mandate debates today.

The Climate Council would convene industry working groups, including Scientific and Technical, Transportation, Coastal and Marine, Energy, and Building & Infrastructure working groups, plus others as needed, where examples like New Zealand's electricity transition could inform discussions.

Membership within the council would include two members of the State Senate, two members of the House, a tribal representative, many department commissioners (Education, Defense, Transportation, etc.), multiple directors, business representatives, environmental non-profit members, and climate science and resilience representatives as well.

The council would update the Maine State Climate Plan every four years, and solicit input from the public and report out progress on its goals every two years, similar to planning underway in Minnesota's carbon-free plan framework. The first Climate Action Plan would be submitted to the legislature by December 1, 2020.

Specifically, the responsibilities of the Scientific and Technical Subcommittee were laid out. The group would be scheduled to meet at least every six months, beginning no later than October 1, 2019. The group would be tasked with reviewing existing scientific literature, including net-zero electricity pathways research, to use it as guidance, recognizing gaps in the state’s knowledge, and guiding outside experts to ascertain this knowledge.  The group would consider ocean acidification, and climate change effects on the state’s species; establish science-based sea-level rise projections for the state’s coastal regions by December 1, 2020; create a climate risk map for flooding and extreme weather events; and consider carbon sequestration via biomass growth.

The state’s largest power plants (above image), generate about 31% from gas, 28% from wood and 41% from hydro+wind. Already, the state has a very clean electricity profile, much like efforts to decarbonize Canada's power sector continue apace. Below, the U.S. Energy Information Administration (EIA) notes that 51% of electricity generation within the state comes from mostly wind+hydro, with a small touch from solar power. The state also gets 24% from wood and other biomass, which would lead some to argue that the state is already at 75% “renewable electricity”. The Governor’s document does reference wind power specifically as a renewable, however, no other specific electricity source. And there is much reference to forestry, agriculture, and logging – specifically noting carbon sequestration – but nothing regarding electricity.

The state’s final 25% of electricity mostly comes from natural gas, even as renewable electricity momentum builds across North America, with this author choosing to put “other” under the fossil percentage noted above.

Related News

• Electricity Forum News

• Renewable Energy News

Synchrophasors deliver PMU-based, real-time monitoring for the smart grid, helping NYISO prevent blackouts, cut costs, and integrate renewables, with DOE-backed deployments boosting reliability, situational awareness, and data sharing across regional partners.

Key Points

Synchrophasors, or PMUs, are grid sensors that measure synced voltage, current, and frequency to enhance reliability.

✅ Real-time grid visibility and situational awareness

✅ Early fault detection to prevent cascading outages

✅ Supports renewable integration and lowers operating costs

Have you ever heard of a synchrophasor? It may sound like a word out of science fiction, but these mailbox-sized devices are already changing the electrical grid as we know it.

The grid was born over a century ago, at a time when our needs were simpler and our demand much lower. More complex needs are putting a heavy strain on the aging infrastructure, which is why we need to innovate and update our grid with investments in a smarter electricity infrastructure so it’s ready for the demands of today.

That’s where synchrophasors come in.

A synchrophasor is a sophisticated monitoring device that can measure the instantaneous voltage, current and frequency at specific locations on the grid. This gives operators a near-real-time picture of what is happening on the system, including insights into power grid vulnerabilities that allow them to make decisions to prevent power outages.

Just yesterday I attended the dedication of the New York Independent System Operator's smart grid control center, a $75 million project that will use these devices to locate grid problems at an early stage and share these data with their regional partners. This should mean fewer blackouts for the State of New York. I would like to congratulate NYISO for being a technology leader.

And not only will these synchrophasors help prevent outages, but they also save money. By providing more accurate and timely data on system limits, synchrophasors make the grid more reliable and efficient, thereby reducing planning and operations costs and addressing grid modernization affordability concerns for utilities.

The Department has worked with utilities across the country to increase the number of synchrophasors five-fold -- from less than 200 in 2009 to over 1,700 today. And this is just a part of our commitment to making a smarter, more resilient grid a reality, reinforced by grid improvement funding from DOE.

In September 2013, the US Department of Energy announced up to $9 million in funding to facilitate rapid response to unusual grid conditions. As a result, utilities will be able to better detect and head off potential blackouts, while improving day-to-day grid reliability and helping with the integration of solar into the grid and other clean renewable sources.

If you’d like to learn more about our investments in the smart grid and how they are improving our electrical infrastructure, please visit the Office of Electricity Delivery and Energy Reliability’s www.smartgrid.gov.

Patricia Hoffman is Assistant Secretary, Office of Electricity Delivery & Energy Reliability

Related News

• Electricity Forum News

• Grid Technologies News

U.S. Power Grid Cybersecurity combats DHS-FBI flagged threats to energy infrastructure, with PJM Interconnection using ICS/SCADA segmentation, phishing defenses, incident response, and resilience exercises against Russia-linked attacks and pipeline intrusions.

Key Points

Strategies, controls, and training that protect U.S. electric infrastructure from cyber threats and disruptions.

✅ ICS/SCADA network segmentation and zero-trust architecture

✅ Employee phishing drills and incident response playbooks

✅ DOE-led grid exercises and threat intelligence sharing

The joint alert from the FBI and Department of Homeland Security last month warning that Russia was hacking into critical U.S. energy infrastructure, as outlined in six essential reads on Russian hacks from recent coverage, came as no surprise to the nation’s largest grid operator, PJM Interconnection.

“You will never stop people from trying to get into your systems. That isn’t even something we try to do.” said PJM Chief Information Officer, Tom O’Brien. “People will always try to get into your systems. The question is, what controls do you have to not allow them to penetrate? And how do you respond in the event they actually do get into your system?”

PJM is the regional transmission organization for 65 million people, covering 13 states, including Pennsylvania, and Washington D.C.

On a rainy day in early April, about 10 people were working inside PJM’s main control center, outside Philadelphia, closely monitoring floor-to-ceiling digital displays showing real-time information from the electric power sector throughout PJM’s territory in the mid-Atlantic and parts of the midwest, amid reports that hackers accessed control rooms at U.S. utilities.

#google#

Donnie Bielak, a reliability engineering manager, was overseeing things from his office, perched one floor up.

“This is a very large, orchestrated effort that goes unnoticed most of the time,” Bielak said. “That’s a good thing.”

But the industry certainly did take notice in late 2015 and early 2016, when hackers successfully disrupted power to the Ukrainian grid. The outages lasted a few hours and affected about 225,000 customers. It was the first publicly-known case of a cyber attack causing major disruptions to a power grid. It was widely blamed on Russia.

One of the many lessons of the Ukraine attacks was a reminder to people who work on critical infrastructure to keep an eye out for odd communications.

“A very large percentage of entry points to attacks are coming through emails,” O’Brien said. “That’s why PJM, as well as many others, have aggressive phishing campaigns. We’re training our employees.”

O’Brien doesn’t want to get into specifics about how PJM deals with cyber threats. But one common way to limit exposure is by having separate systems: For example, industrial controls in a power plant are not connected to corporate business networks, a separation underscored after breaches at U.S. power plants prompted reviews across the sector.

Since 2011, North American grid operators and government agencies have also done large, security exercises every two years. Thousands of people practice how they’d respond to a coordinated physical or cyber event, including rising substation attacks that highlight resilience gaps.

So far, nothing like that has happened in the U.S. It’s possible, but not likely, according to Robert M. Lee, a former military intelligence analyst, who runs the industrial cybersecurity firm Dragos.

“The more complex the system, the harder it is to have a scalable attack,” said Lee, who co-authored a report analyzing the Ukraine attacks. “If you wanted to take out a power generation station– that isn’t the most complex thing. Let’s say you cause an hour of outage. But now you want to cause two months of outages? That’s an exponential increase in effort required.”

For example, he said, it would very difficult for hackers to knock out power to the entire east coast for a long time. But briefly disrupting a major city is easier. That’s the sort of thing that keeps him up at night.

“I worry about an adversary getting into, maybe, Washington D.C.’s portion of the grid, taking down power for 30 minutes,” he said.

The Department of Energy is creating a new office focused on cybersecurity and emergency response, following the U.S. government’s condemnation of power grid hacking by Russia.

Deterrence may be one reason why there has not yet been a major attack on the U.S. grid, said John MacWilliams, a former senior DOE official who’s now a fellow at Columbia University’s Center on Global Energy Policy.

“That’s obviously an act of war,” he said. “We have the capability of responding either through cyber mechanisms or kinetic military.”

In the meantime, small-scale incidents keep happening.

This spring, another cyber attack targeted natural gas pipelines. Four companies shut down their computer systems, just in case, but they say no service was disrupted.

Related News

• Electricity Forum News

• Grid Technologies News

Russian cyberattacks on U.S. power grid exposed DHS warnings: Dragonfly/Energetic Bear breached control rooms, ICS networks, and could trigger blackouts via switch manipulation, phishing, and malware, threatening critical infrastructure and utility operations nationwide.

Key Points

State-backed breaches of utility ICS and control rooms enabled potential switch manipulation and blackouts.

✅ DHS: Dragonfly/Energetic Bear breached utility networks

✅ Access reached control rooms and ICS for switch control

✅ Ongoing campaign via phishing, malware, lateral movement

Russian hackers for a state-sponsored organization invaded hundreds of control rooms of U.S. electric utilities that could have led to blackouts, a new report says.

The group, known as Dragonfly or Energetic Bear, infiltrated networks of U.S. utilities as part of an effort that is likely ongoing, Department of Homeland Security officials told the Wall Street Journal.

Jonathan Home, chief of industrial-control-system analysis for DHS, said the hackers “got to the point where they could have thrown switches” and upset power flows.

Although the agency did not disclose which companies were impacted, the officials at a briefing Monday said that there were “hundreds of victims” including breaches at power plants across the U.S., and that some companies may not be aware that hackers infiltrated their networks yet.

According to experts, Russia has been preparing for such attacks for some time now, prompting a renewed focus on protecting the grid among utilities and policymakers.

“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” said former Deputy Assistant Defense Secretary Michael Carpenter, now senior director at the Penn Biden Center at the University of Pennsylvania, per the Wall Street Journal. “They are waging a covert war on the West.”

Earlier this year, the Trump administration claimed Russia had staged a power grid hacking campaign against the U.S. energy grid and other U.S. infrastructure.

The report comes after President Trump told reporters last week during a joint press conference in Helsinki alongside Russian President Vladimir Putin that he had no reason not to believe the Russian leader's assurances to him that the Kremlin was not to blame for interference in the election.

Trump later admitted that he misspoke when he said he didn’t “see any reason why” Russia would have meddled in the 2016 election, and said he believes the U.S. intelligence community assessment that found that the Russian government did interfere in the electoral process.

Related News

• Electricity Forum News

• Grid Technologies News

Maryland Community Solar Program enables renters and condo residents to subscribe to offsite solar, earn utility bill discounts, and support projects across BGE, Pepco, Delmarva, and Potomac Edison territories, with low to moderate income participation.

Key Points

A pilot allowing residents to subscribe to offsite solar and get bill credits and savings, regardless of home ownership.

✅ 5-10 percent discounts on standard utility rates

✅ Available in BGE, Pepco, Delmarva, Potomac Edison areas

✅ Includes low and moderate income subscriber carve-outs

Maryland has launched a pilot program that will allow anyone to power their home with solar panels — even if they are renters or condo-dwellers, or live in the shade of trees.

Solar developers are looking for hundreds of residents to subscribe to six power projects planned across the state, including recently announced sites in Owings Mills and Westminster. Their offers include discounts on standard electric rates.

The developers need a critical mass of customers who are willing to buy the projects’ electricity before they can move forward with plans to install solar panels on about 80 acres. Under state rules, the customer base must include low- and moderate-income residents, many of whom face energy insecurity challenges.

The idea of the community solar program is to tap into the pool of residential customers who don’t want to get their energy from fossil fuels but currently have no way to switch to a cleaner alternative.

That could significantly expand demand for solar projects, said Gary Skulnik, a longtime Maryland solar entrepreneur.

Skulnik is now CEO of Neighborhood Sun, a company recruiting customers for the six projects.

“You’re signing up for a project that won’t exist unless we get enough subscribers,” Skulnik said. “You’re actually getting a new project built.”

It could also stoke simmering conflicts over what sort of land is appropriate for solar development.

The General Assembly authorized the community solar pilot program in 2015. But not-in-my-backyard opposition and concerns about the loss of agricultural land have slowed progress.

Community solar could force more communities to confront those sorts of clashes — and to consider more carefully where solar farms belong.

“We are going to see a lot more solar development in the state,” said Megan Billingsley, assistant director of the Valleys Planning Council in Baltimore County. “One of the things we haven’t seen is any direction or thoughtful planning on where we want to see solar development.”

The General Assembly authorized about 200 megawatts in community solar projects — enough to power about 40,000 households — over three years.

Customers can sign up for projects built within the territory of their electric utility. About half of that solar energy load has been allotted for the region served by Baltimore Gas and Electric Co.

By subscribing to a community solar project, customers won’t actually be getting their electricity from its photovoltaic panels. But their payments will help finance it and, in some cases, complementary battery storage solutions as well.

The Public Service Commission has approved six projects so far: Two in BGE territory, in Owings Mills and near Westminster; one in Pepco territory, in Prince George’s County; two in Delmarva Power and Light territory, in Caroline and Worcester counties; and one in Potomac Edison territory, in Washington County where planning officials have developed proposed recommendations.

More projects are expected to win approval in the next two years.

But none of them can be built unless they catch on with electricity customers. The developers are looking for 2,600 customers statewide.

Skulnik would not say how many customers an individual project needs to get the green light. But he said that the Prince George’s proposal, a 25-acre array atop a Fort Washington landfill is the closest, with about 100 subscribers so far.

The terms of subscription vary by project, but discounts range from 5 percent to 10 percent off utility rates. Customers are asked to commit to the projects for as long as 25 years. (They can break the contracts with advance notice, or if they move to a different utility service area.)

Maryland joins more than a dozen states in advancing community solar projects, as scientists work to improve solar and wind power technology.

Corey Ramsden is an executive for Solar United Neighbors, a nonprofit that promotes the solar industry in eight states and the District of Columbia.

He said potential customers are often confused by the mechanics of subscribing to community solar, or hesitant to commit for years or even decades. The industry is working to answer questions and get people more comfortable with the idea, he said.

But it has been a challenge across the country, including debates over New England grid upgrades, and in Maryland. Advocates for solar say there is broad support for renewable energy generation. The state has set goals to increase green energy use and reduce greenhouse gas emissions.

Still, many Marylanders don’t welcome the reality when a project attempts to move in.

Rural land is often the most desirable for solar developers, because it requires the least effort to prepare for an array of panels. But community groups in those areas have asked whether land historically used for farming is right for a more industrial use.

“People are very much in favor of going for a lot more renewables, for whatever reason,” said Dru Schmidt-Perkins, the former president of the land conservation group 1,000 Friends of Maryland. “That support comes to a screeching halt when land that is perceived to be valuable for other things, whether a historic view­shed or farming, suddenly becomes a target of a location for this new project.”

Such concerns have at least temporarily stalled the momentum for solar across the state. Anne Arundel County had at least five small community solar projects in the pipeline in December when officials decided to pause development for eight months. Baltimore County officials imposed a four-month moratorium on solar development before passing an ordinance last year to limit the size and number of solar farms.

Billingsley said the Valley Plannings Council, which advocates for historic and rural areas in western Baltimore County, is frustrated that there hasn’t been more discussion about which areas the county should target for solar development — and which it shouldn’t.

She said she fears that pressure to expand solar farms across rural lands is only going to grow as community solar projects launch, and as lawmakers in Annapolis talk about more policies to promote investment in renewable energy.

Schmidt-Perkins called community solar “an amazing program” for those who would install solar panels on their roofs if they could. But she said its launch heightens the importance of discussions about a broader solar strategy.

“Most communities are caught a little flat-footed on this and are somewhat at the mercy of an industry that’s chomping at the bit,” she said. “It’s time for Maryland to say, ‘Okay, let’s come up with our plan so that we know how much solar can we really generate in this state on lands that are not conflict-based.’”

Related News

• Electricity Forum News

• Renewable Energy News