FireEye believes attackers linked to North Korea are behind a spearphishing campaign targeting the U.S. power grid.

Cyberattackers linked to the North Korean government were likely behind a spearphishing email campaign against U.S. electric companies that was detected and thwarted by FireEye.

“This activity was early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyberattack that might take months to prepare if it went undetected,” FireEye said in a blog post that explained the company “previously detected groups we suspect are affiliated with the North Korean government compromising electric utilities in South Korea, but these compromises did not lead to a disruption of the power supply.”

Blake Darché, Co-founder & CSO, Area 1 Security, said that since “energy companies are a major target for phishing attacks...it isn't surprising to see North Korea preparing for a cyber war against the United States should any escalations occur on the Korean Peninsula.”

Noting that nation-states will often attempt to “gather intelligence and prepare for contingencies” by conducting cyberespionage operations, FireEye said that “the few examples of disruptions to energy sector operations being caused by cyber operations required additional technical and operational steps that these North Korean actors do not appear to have taken nor have shown the ability to take.”

Researchers have not discovered “suspected North Korean actors using any tool or method specifically designed to compromise or manipulate the industrial control systems (ICS) networks that regulate the supply of power,” the blog said. “Furthermore, we have not uncovered evidence that North Korean linked actors have access to any such capability at this time.”