Hackers associated with Russian internet addresses have been scanning the networks of five US energy companies in a possible prelude to hacking attempts, the FBI said in a March 18 advisory to US businesses obtained by CNN.
The FBI issued the notice days before President Joe Biden publicly warned that Kremlin-linked hackers could target US organizations as the Russian military continues to suffer heavy losses in Ukraine and as Western sanctions on the Kremlin begin to bite.
Deputy national security adviser Anne Neuberger said during Monday’s White House briefing that Russia had been conducting “preparatory activity” for cyber attacks, which she said could include scanning websites and hunting for software vulnerabilities.
The so-called “preparatory activity” that Neuberger mentioned Monday is likely “not about espionage, it’s probably very likely about disruptive or destructive [cyber] activity,” US Cybersecurity and Infrastructure Security Agency Director Jen Easterly said Tuesday on a phone briefing with industry executives and state and local government personnel, according to three sources on the call.
There are at least 18 US companies in other sectors, such as defense and financial services, that were subjected to the scanning, the FBI said.
There are no confirmed breaches related to the scanning, but the FBI advisory is the latest in a chorus of warnings from US officials to critical infrastructure operators to be on alert for potential Russian hacking. The FBI advisory was meant for a private, technical audience to help companies protect their networks, while Biden’s public warning was generic and meant to raise awareness of the threat.
“The magnitude of Russia’s cyber capacity is fairly consequential and it’s coming,” Biden told business executives on Monday.
The Russia-based Internet Protocol addresses, or data that identifies a computer, are “believed to be associated with cyber actors who previously conducted destructive cyber activity against foreign critical infrastructure,” the FBI said in its advisory.
“This scanning activity has increased since the start of the Russia/Ukraine conflict, leading to a greater possibility of future intrusions,” the FBI memo states.
CBS News first reported on the FBI advisory.
For months, the US departments of Energy, Treasury and Homeland Security, among others, have briefed big electric utilities and banks on Russian hacking capabilities, and urged businesses to lower their thresholds for reporting suspicious activity.
CNN reported on February 2 that a foreign hacking group had probed the computer networks of US electric utilities that operate liquefied natural gas facilities.
The hacking group developed tools used in an incident that forced a Saudi petrochemical plant to shut down in 2017, according to cybersecurity researchers. The Treasury Department in 2020 sanctioned a Russian government institute for its alleged involvement in that incident.
An FBI spokesperson did not respond when CNN asked whether the bureau was referring to the same hacking group in its recent advisory.
The spokesperson said in an emailed statement: “While our standard practice is to not comment on specific intelligence products, the FBI routinely shares information with our law enforcement and industry partners in order to protect the communities they serve and work with. The FBI always encourages members of the public and private industry to be vigilant and report anything they consider suspicious to law enforcement.”
This story has been updated with a response from the FBI.