While both of those attacks appeared aimed, at least initially, at the theft of emails and other data, the nature of the intrusions created “back doors” that experts say could ultimately enable attacks on physical infrastructure. So far, neither effort is thought to have led to anything other than data theft.
The Biden administration announced sanctions against Russia last month for SolarWinds, and is expected to issue an executive order in the coming days that would take steps to secure critical infrastructure, including requiring enhanced security for vendors providing services to the federal government.
The United States has long warned that Russia has implanted malicious code in the electric utility networks, and the United States responded several years ago by putting similar code into the Russian grid.
But actual attacks on energy systems are rare. About a decade ago, Iran was blamed for an attack on the computer systems of Saudi Aramco, one of the world’s largest producers, which destroyed 30,000 computers. That attack, which appeared to be in response to the American-Israeli attack on Iran’s nuclear centrifuges, did not affect operations.
Another attack on a Saudi petrochemical plant in 2017 nearly set off a major industrial disaster. But it was shut down quickly, and investigators later attributed it to Russian hackers. This year, someone briefly took over control of a water treatment plant in a small Florida city, in what appeared to be an effort to poison the supply, but the attempt was quickly halted.
Clifford Krauss contributed reporting.
Article source: https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html