Threat Management, Threat Intelligence, Malware, Phishing

North Korea spearphishing campaign aimed at U.S. power grid

Cyberattackers linked to the North Korean government were likely behind a spearphishing email campaign against U.S. electric companies that was detected and thwarted by FireEye.

“This activity was early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyberattack that might take months to prepare if it went undetected,” FireEye said in a blog post that explained the company “previously detected groups we suspect are affiliated with the North Korean government compromising electric utilities in South Korea, but these compromises did not lead to a disruption of the power supply.”

Blake Darche', Co-founder & CSO, Area 1 Security, said that since “energy companies are a major target for phishing isn't surprising to see North Korea preparing for a cyber war against the United States should any escalations occur on the Korean Peninsula.”

Noting that nation-states will often attempt to “gather intelligence and prepare for contingencies” by conducing cyberespionage operations, FireEye said that “the few examples of disruptions to energy sector operations being caused by cyber operations required additional technical and operational steps that these North Korean actors do not appear to have taken nor have shown the ability to take.”

Researchers have not discovered “suspected North Korean actors using any tool or method specifically designed to compromise or manipulate the industrial control systems (ICS) networks that regulate the supply of power,” the blog said. “Furthermore, we have not uncovered evidence that North Korean linked actors have access to any such capability at this time.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.