State-sponsored Russian hackers appear far more interested this year in demonstrating that they can disrupt the American electric utility grid than the midterm elections, according to United States intelligence officials and technology company executives.
Despite attempts to infiltrate the online accounts of two Senate Democrats up for re-election, intelligence officials said they have seen little activity by Russian military hackers aimed at either major American political figures or state voter registration systems.
By comparison, according to intelligence officials and executives of the companies that oversee the world’s computer networks, there is surprisingly far more effort directed at implanting malware in the electrical grid.
The officials spoke on the condition of anonymity to discuss intelligence findings, but their conclusions were confirmed by several executives of technology and technology security firms.
This week, the Department of Homeland Security reported that over the last year, Russia’s military intelligence agency had infiltrated the control rooms of power plants across the United States. In theory, that could enable it to take control of parts of the grid by remote control.
While the department cited “hundreds of victims” of the attacks, far more than they had previously acknowledged, there is no evidence that the hackers tried to take over the plants, as Russian actors did in Ukraine in 2015 and 2016.
In interviews, American intelligence officials said that the department had understated the scope of the threat. So far the White House has said little about the intrusions other than raise the fear of such breaches to maintain old coal plants in case they are needed to recover from a major attack.
On Friday, President Trump was briefed on government efforts to protect the coming midterm elections from what a White House statement described as “malign foreign actors.” It said it was giving cybersecurity support to state and local governments to protect their election systems.
“The president has made it clear that his administration will not tolerate foreign interference in our elections from any nation state to other malicious actors,” the statement said.
It is possible that Russian hackers are holding their fire until closer to Election Day in November. Given the indictments this month of 12 Russian military officers who are accused of American election interference, the agency once known as the G.R.U. may be all too aware it is being closely watched by the National Security Agency and other American intelligence services.
But that has not completely deterred Russia’s intelligence agencies from targeting politicians.
Microsoft announced at a security conference last week that it stopped an attack last fall aimed at congressional staff offices. While the company did not identify who was targeted, Senator Claire McCaskill, Democrat of Missouri, who faces a tight race for re-election, said on Thursday night that her office had been struck in what she called an unsuccessful attack.
She acknowledged the breach only after The Daily Beast identified her as one of the lawmakers whose offices had been the target of an effort to obtain passwords.
“Russia continues to engage in cyberwarfare against our democracy,” Ms. McCaskill said in a statement. “While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated.”
American officials said it was unclear whether the attack was related to Ms. McCaskill’s re-election bid. She serves on the Senate Armed Services Committee, and one senior official said it was possible that the hackers were seeking a way into the panel’s access to classified military operations and budgets.
Officials of Microsoft, which detected the intrusion in October and November, agreed.
“When we see an attempt like this, we have no way of discerning what the attacker’s motivation is,” Tom Burt, the vice president for customer security and trust at Microsoft, said on Friday.
It is possible that Russian hackers are holding their fire until closer to Election Day in November. Given the indictments this month of 12 Russian military officers who are accused of American election interference, the agency once known as the G.R.U. may be all too aware it is being closely watched by the National Security Agency and other American intelligence services.
But that has not completely deterred Russia’s intelligence agencies from targeting politicians.
Microsoft announced at a security conference last week that it stopped an attack last fall aimed at congressional staff offices. While the company did not identify who was targeted, Senator Claire McCaskill, Democrat of Missouri, who faces a tight race for re-election, said on Thursday night that her office had been struck in what she called an unsuccessful attack.
She acknowledged the breach only after The Daily Beast identified her as one of the lawmakers whose offices had been the target of an effort to obtain passwords.
“Russia continues to engage in cyberwarfare against our democracy,” Ms. McCaskill said in a statement. “While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated.”
American officials said it was unclear whether the attack was related to Ms. McCaskill’s re-election bid. She serves on the Senate Armed Services Committee, and one senior official said it was possible that the hackers were seeking a way into the panel’s access to classified military operations and budgets.
Officials of Microsoft, which detected the intrusion in October and November, agreed.
“When we see an attempt like this, we have no way of discerning what the attacker’s motivation is,” Tom Burt, the vice president for customer security and trust at Microsoft, said on Friday.
Microsoft blocked the attacks with a special court order that allowed it to seize control of internet domains created by Russians that appeared to be official Microsoft sites, but were not. The company has used that procedure at least three times against hackers who are linked to Russian military intelligence.
But beyond those attempts, Mr. Burt and several American intelligence officials said there have been surprisingly few cyberattack attempts directed at political leaders, at least compared with 2016.
“We are not seeing the level of activity in the midterm elections that we saw two years ago,” Mr. Burt said. “But it is still early.”
In part that may be because midterm elections are far more difficult to influence than a presidential race. It would require separate interventions in more than 460 contests, many of which would be of little interest to a foreign power.
“I see 2018 as a ramp-up to 2020,’’ said Laura Rosenberger, the director of the Alliance for Securing Democracy at the German Marshall Fund. Ms. Rosenberger, a former State Department official and foreign policy adviser to Hillary Clinton during the 2016 campaign, has been leading one of the most comprehensive efforts to track and expose foreign influence in American elections.
She said the Russian intelligence hackers “want to make a highly polarized electorate even more polarized and undermine faith in the election systems.”
In a presentation at the Aspen forum, the new chief of the United States Cyber Command spoke at length about a new approach of “persistent engagement” with American adversaries, an effort to see attacks amassing in networks overseas before they strike in the United States.
The commander, Gen. Paul M. Nakasone, who is also the director of the National Security Agency, said that he had set up a Russia small group after assuming command in the spring, but said nothing about its operations. The N.S.A. is responsible for defending government networks and conducting covert offensive operations.
He spent much of his talk describing the difficulties of countering states that “operate below the threshold level of war,” which is how he and other officials often refer to the Russian efforts to influence the election.
Last year, President Trump’s national security adviser, John R. Bolton, called the Russian hacking of the Democratic National Committee during the 2016 election an “act of war.” The hackers are accused of stealing of the committee’s data and then publishing stolen emails through a number of websites, including WikiLeaks.
Just as it is difficult to judge the intent of the Russian hackers in attacking Ms. McCaskill’s office, it is hard to fully understand why they have put so much effort into installing “implants” — hard-to-find malware — in the utility operating systems.
The fear, of course, is that Russia may be planning to unplug American power systems in a time of conflict. But such an attack would almost certainly result in a military response, as General Nakasone obliquely suggested at the Aspen forum.
It is possible that the hackers are simply trying to demonstrate what they are capable of, just as they did in 2014 when they fought the N.S.A.’s efforts to force them from the White House’s unclassified email systems.
In the cases described by the Department of Homeland Security, as presented to the electric utilities and outside experts, the Russian hackers went into the power plants through the networks of contractors, some of whom were ill-protected. Those contractors provided software to the utility company’s systems. Then they used “spearphishing” emails, trying to trick utility operators into changing their passwords.
That is exactly the approach used against Ms. McCaskill’s staff, the officials said.
Sanger, David. “Russian Hackers Appear to Shift Focus to U.S. Power Grid.” The New York Times, July 27, 2018