Smart Grid Solutions Using ProFieldMETER™ Technology

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

A hacker collective known for attacking industrial companies around the world have had some of their infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid targeting critical infrastructure, for the main purpose of stealing valuable data from victim systems.

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.

#google#

Kaspersky Lab said that the servers it has compromised are not just limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014 CrowdStrike claimed that the ‘Energetic Bear’ group was also tracked in Symantec's Dragonfly research and had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants that underscored the campaign, and there was evidence that these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia in a condemnation of Russian grid hacking of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Related News

• Electricity Forum News

• Grid Technologies News

ComEd Hosting Capacity Map helps Illinois communities assess photovoltaic capacity, distributed energy resources, interconnection limits, and grid planning needs, guiding developers and policymakers on siting solar, net metering feasibility, and RPS-aligned deployment by circuit.

Key Points

An online tool showing circuit-level DER capacity, PV limits, and interconnection readiness across ComEd.

✅ Circuit-level estimates of solar hosting capacity

✅ Guides siting, interconnection, and net metering

✅ Supports RPS goals with grid planning insights

As the Illinois solar market grows from the Future Energy Jobs Act, the largest utility in the state has posted a planning tool to identify potential PV capacity in their service territory. ComEd, a Northern Illinois subsidiary of Exelon, has a hosting capacity website for its communities indicating how much photovoltaic capacity can be sited in given areas, based on the existing electrical infrastructure, as utilities pilot virtual power plant programs that leverage distributed resources.

According to ComEd’s description, “Hosting Capacity is an estimate of the amount of DER [distributed energy resources] that may be accommodated under current configurations at the overall circuit level without significant system upgrades to address adverse impacts to power quality or reliability.” This website will enable developers and local decision makers to estimate how much solar could be installed by township, sections and fractions of sections as small as ½ mile by ½ mile and to gauge EV charging impacts with NREL's projection tool for distribution planning. The map sections indicate potential capacity by AC kilowatts with a link to to ComEd’s recently upgraded Interconnection and Net Metering homepage.

The Hosting Map can provide insight into how much solar can be installed in which locations in order to help solar reach a significant portion of the Illinois Renewable Portfolio Standard (RPS) of 25% electricity from renewable sources by 2025, and to plan for transportation electrification as EV charging infrastructure scales across utility territories. For example, the 18 sections of Oak Park Township capacity range from 612 to 909 kW, and total 13,260 kW of photovoltaic power. That could potentially generate around 20 million kWh, and policy actions such as the CPUC-approved PG&E EV program illustrate how electrification initiatives may influence future demand. Oak Park, according to the PlanItGreen Report Card, a joint project of the Oak Park River Forest Community Foundation and Seven Generations Ahead, uses about 325 million kWh.

Based on ComEd’s Hosting Capacity, Oak Park could generate about 6% of its electricity from solar power located within its borders. Going significantly beyond this amount would likely require a combination of upgrades by ComEd’s infrastructure, potentially higher interconnection costs and deployment of technologies like energy storage solutions. What this does indicate is that a densely populated community like Oak Park would most likely have to get the majority of its solar and renewable electricity from outside its boundaries to reach the statewide RPS goal of 25%. The Hosting Capacity Map shows a considerable disparity among communities in ½ mile by ½ mile sections with some able to host only 100-200 kWs to some with capacities of over 3,000 kW.

Related News

• Electricity Forum News

• Renewable Energy News

Dragonfly energy sector cyberattacks target ICS and SCADA across critical infrastructure, including the power grid and nuclear facilities, using spearphishing, watering-hole sites, supply-chain compromises, malware, and VPN exploits to gain operational access.

Key Points

Dragonfly APT campaigns target energy firms and ICS to gain grid access, risking manipulation and service disruption.

✅ Breaches leveraged spearphishing, watering-hole sites, and supply chains.

✅ Targeted ICS, SCADA, VPNs to pivot into operational networks.

✅ Aimed to enable power grid manipulation and potential outages.

An October, 2017 report by researchers at Symantec Corp., cited by the U.S. government, has linked recent US power grid cyber attacks to a group of hackers it had code-named "Dragonfly", and said it found evidence critical infrastructure facilities in Turkey and Switzerland also had been breached.

The Symantec researchers said an earlier wave of attacks by the same group starting in 2011 was used to gather intelligence on companies and their operational systems. The hackers then used that information for a more advanced wave of attacks targeting industrial control systems that, if disabled, leave millions without power or water.

U.S. intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attacks, condemned by the U.S. government, striking almost simultaneously at multiple locations, are testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

#google#

While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers.

“Since at least March 2016, Russian government cyber actors… targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” according to Thursday’s FBI and Department of Homeland Security report. The report did not say how successful the attacks were or specify the targets, but said that the Russian hackers “targeted small commercial facilities’ networks where they staged malware, conducted spearphishing, and gained remote access into energy sector networks.” At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas.

Symantec doesn’t typically point fingers at particular nations in its research on cyberattacks, said Eric Chien, technical director of Symantec’s Security Technology and Response division, though he said his team doesn’t see anything it would disagree with in the new federal report. The government report appears to corroborate Symantec’s research, showing that the hackers had penetrated computers and accessed utility control rooms that would let them directly manipulate power systems, he says.

“There were really no more technical hurdles for them to do something like flip off the power,” he said.

And as for the group behind the attacks, Chien said it appears to be relatively dormant for now, but it has gone quiet in the past only to return with new hacks.

“We expect they’re sort of retooling now, and they likely will be back,”

In some cases, Dragonfly successfully broke into the core systems that control US and European energy companies, Symantec revealed.

“The energy sector has become an area of increased interest to cyber-attackers over the past two years,” Symantec said in its report.

“Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyberattack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the US being compromised by hackers.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.”

In recent weeks, senior US intelligence officials said that the Kremlin believes it can launch hacking operations against the West with impunity, including a cyber weapon that can disrupt power grids, according to assessments.

The DHS and FBI report further elaborated: “This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organisations such as trusted third-party suppliers with less-secure networks, referred to as ‘staging targets’ throughout this alert.

“The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. National Cybersecurity and Communications Integration Center and FBI judge the ultimate objective of the actors is to compromise organisational networks, also referred to as the ‘intended target’.”

According to the US alert, hackers used a variety of attack methods, including spear-phishing emails, watering-hole domains, credential gathering, open source and network reconnaissance, host-based exploitation, and deliberate targeting of ICS infrastructure.

The attackers also targeted VPN software and used password cracking tools.

Once inside, the attackers downloaded tools from a remote server and then carried out a number of actions, including modifying key systems to store plaintext credentials in memory, and built web shells to gain command and control of targeted systems.

“This actors’ campaign has affected multiple organisations in the energy, nuclear, water, aviation, construction and critical manufacturing sectors, with hundreds of victims across the U.S. power grid confirmed,” the DHS said, before outlining a number of steps that IT managers in infrastructure organisations can take to cleanse their systems and defend against Russian hackers. he said.
 

Related News

• Electricity Forum News

• Grid Technologies News

US Electricity Sales Decline amid population growth and GDP gains, as DOE links reduced per capita consumption to energy efficiency, warmer winters, appliances, and bulbs, while hotter summers and rising AC demand may offset savings.

Key Points

US electricity sales fell 3% since 2010 despite population and GDP growth, driven by efficiency gains and warmer winters.

✅ DOE links drops to efficiency and warmer winters

✅ Per capita residential use fell about 7% since 2010

✅ Rising AC demand may offset winter heating savings

Since 2010, the United States has grown by 17 million people, and the gross domestic product (GDP) has increased by $3.6 trillion. Yet in that same time span, electricity sales in the United States actually declined by 3%, according to data released by the U.S. Department of Energy (DOE), even as electricity prices rose at a 41-year pace nationwide.

The U.S. decline in electricity sales is remarkable given that the U.S. population increased by 5.8% in that same time span. This means that per capita electricity use fell even more than that; indeed, the Department of Energy pegs residential electricity sales per capita as having declined by 7%, even as inflation-adjusted residential bills rose 5% in 2022 nationwide.

There are likely multiple reasons for this decline in electricity sales. Department of Energy analysts suggest that, at least in part, it is due to increased adoption of energy-efficient appliances and bulbs, like compact fluorescents. Indeed, the DOE notes that there is a correlation between consumer spending on “energy efficiency” and a reduction in per capita electricity sales, while utilities invest more in delivery infrastructure to modernize the grid.

Yet the DOE also notes that states with a greater increase in warm weather days had a corresponding decrease in electricity sales, as milder weather can reduce power demand across years. In southern states, the effect was most dramatic: for instance, from 2010 to 2016, Florida had a 56% decrease in cold weather days that would require heating and as a result, saw a 9% decrease in per capita electricity sales.

The moral is that warm winters save on electricity. But if global temperatures continue to rise, and summers become hotter, too, this decrease in winter heating spending may be offset by the increased need to run air conditioning in the summer, and given how electricity and natural gas prices interact, overall energy costs could shift. Indeed, it takes far more energy to cool a room than it does to heat it, for reasons related to the basic laws of thermodynamics. 

Related News

• Electricity Forum News

• Energy Policy News

Snow-powered nanogenerator harvests static electricity from falling snow using a silicone triboelectric design, enabling energy harvesting, solar panel support during snowfall, and dual-use sensing for weather monitoring and wearable winter sports analytics.

Key Points

A silicone triboelectric device that harvests snowDcharge to generate power and enable sensing.

✅ Triboelectric silicone layer captures charge from falling snow.

✅ Integrates with solar arrays to maintain power during snowfall.

✅ Functions as weather and motion sensor for winter sports.

Scientists from University of California, Los Angeles and McMaster University have invented a nanogenerator that creates electricity from falling snow.

Most Canadians have already seen a mini-version of this, McMaster Prof. Ravi Selvaganapathy told CTV’s Your Morning. “We find that we often get shocked in the winter when it’s dry when we come in into contact with a conductive surface like a doorknob.”

The thin device works by harnessing static electricity: positively-charged, falling snow collides with the negatively-charged silicone device, which produces a charge that’s captured by an electrode.

“You separate the charges and create electricity out of essentially nothing,” Richard Kaner, who holds UCLA’s Dr. Myung Ki Hong Endowed Chair in Materials Innovation and whose lab has explored turning waste into graphene, said in a press release.

“The device can work in remote areas because it provides its own power and does not need batteries or reliance on home storage systems such as the Tesla Powerwall, which store energy for later use,” he said, explaining that the device was 3D printed, flexible and inexpensive to make because of the low cost of silicone.

“It’s also going to be useful in places like Canada, where we get a lot of snow and are pursuing a net-zero grid by 2050 to cut emissions. We can extract energy from the environment,” Selvaganapathy added.

The team, which also included scientists from the University of Toronto, published their findings in Nano Energy journal last year, but a few weeks ago, they revealed the device’s more practical uses.

About 30 per cent of the Earth’s surface is covered by snow each winter, which can significantly limit the energy generated by solar panels, including rooftop solar grids in cold climates.

So the team thought: why not simply harness electricity from the snow whenever the solar panels were covered?

Integrating their device into solar panel arrays could produce a continuous power supply whenever it snows, potentially as part of emerging virtual power plants that aggregate distributed resources, study co-author and UCLA assistant researcher Maher El-Kady explained.

The device also serves as a weather-monitoring station by recording how much snow is falling and from where; as well as the direction and speed of the wind.

The team said they also want to incorporate their device into weather sensors to help them better acquire and transmit electronic signals, supporting initiatives to use AI for energy savings across local grids. They said several Toronto-based companies -- which they couldn’t name -- have expressed interest in partnering with them.

Selvaganapathy said the device would hop on the trend of “sensors being incorporated into what we wear, into our homes and even to detect electricity theft in some markets in order to monitor a lot of the things that are important to us”

But the device’s arguably larger potential use is being integrated into technology to monitor athletes and their performances during winter sports, such as hiking, skiing and cross-country skiing.

Up to now, the movement patterns used during cross-country skiing couldn’t be detected by a smart watch, but this device may be able to.

Scientists such as Kaner believe the technology could usher in a new era of self-monitoring devices to assess an athlete’s performance while they’re running, walking or jumping.

The device is simply a proof of concept and the next step would be figuring out how to generate more electricity and integrate it into all of these potential devices, Selvaganapathy said.

Related News

• Electricity Forum News

• Grid Technologies News

U.S. Electricity Demand Decoupling signals GDP growth without higher load, driven by energy efficiency, LED adoption, services-led output, and rising renewables integration with the grid, plus EV charging and battery storage supporting decarbonization.

Key Points

GDP grows as electricity use stays flat, driven by efficiency, renewables, and a shift toward services and output.

✅ LEDs and codes cut residential and commercial load intensity.

✅ Wind, solar, and gas gain share as coal and nuclear struggle.

✅ EVs and storage can grow load and enable grid decarbonization.

By Justin Fox

Economic growth picked up a little in the U.S. in 2017. But electricity use fell, with electricity sales projections continuing to decline, according to data released recently by the Energy Information Administration. It's now been basically flat for more than a decade:

Measured on a per-capita basis, electricity use is in clear decline, and is already back to the levels of the mid-1990s.

Sources: U.S. Energy Information Administration, U.S. Bureau of Economic Analysis

*Includes small-scale solar generation from 2014 onward

I constructed these charts to go all the way back to 1949 in part because I can (that's how far back the EIA data series goes) but also because it makes clear what a momentous change this is. Electricity use rose and rose and rose and then ... it didn't anymore.

Slower economic growth since 2007 has been part of the reason, but the 2017 numbers make clear that higher gross domestic product no longer necessarily requires more electricity, although the Iron Law of Climate is often cited to suggest rising energy use with economic growth. I wrote a column last year about this big shift, and there's not a whole lot new to say about what's causing it: mainly increased energy efficiency (driven to a remarkable extent by the rise of LED light bulbs), and the continuing migration of economic activity away from making tangible things and toward providing services and virtual products such as games and binge-watchable TV series (that are themselves consumed on ever-more-energy-efficient electronic devices).

What's worth going over, though, is what this means for those in the business of generating electricity. The Donald Trump administration has made saving coal-fired electric plants a big priority; the struggles of nuclear power plants have sparked concern from multiple quarters. Meanwhile, U.S. natural gas production has grown by more than 40 percent since 2007, thanks to hydraulic fracturing and other new drilling techniques, while wind and solar generation keep making big gains in cost and market share. And this is all happening within the context of a no-growth electricity market.

In China, a mystery in China's electricity data has complicated global comparisons.

Here are the five main sources of electric power in the U.S.:

The big story over the past decade has been coal and natural gas trading places as the top fuel for electricity generation. Over the past year and a half coal regained some of that lost ground as natural gas prices rose from the lows of early 2016. But with overall electricity use flat and production from wind and solar on the rise, that hasn't translated into big increases in coal generation overall.

Oh, and about solar. It's only a major factor in a few states (California especially), so it doesn't make the top five. But it's definitely on the rise.

What happens next? For power generators, the best bet for breaking out of the current no-growth pattern is to electrify more of the U.S. economy, especially transportation. A big part of the attraction of electric cars and trucks for policy-makers and others is their potential to be emissions-free. But they're only really emissions-free if the electricity used to charge them is generated in an emissions-free manner -- creating a pretty strong business case for continuing "decarbonization" of the electric industry. It's conceivable that electric car batteries could even assist in that decarbonization by storing the intermittent power generated by wind and solar and delivering it back onto the grid when needed.

I don't know exactly how all this will play out. Nobody does. But the business of generating electricity isn't going back to its pre-2008 normal. 

Related News

• Electricity Forum News

• Power Generation News