Ireland’s Electricity Supply Board Targeted in Phishing Attack

29

Hackers have targeted Irish energy networks amid warnings over the potential impact of intensifying cyber attacks on crucial infrastructure. 

Senior engineers at the Electricity Supply Board (ESB), which supplies both Northern Ireland and the Republic, were sent personalised emails containing malicious software by a group linked to Russia’s GRU intelligence agency, The Times reported.  

Analysts told the newspaper the cyber attack intended to infiltrate control systems, giving hackers the power to take out part of the electricity grid with similar tactics that have caused mass outrages in Ukraine. 

Ireland’s National Cyber Security Centre is investigating the attempt, which did not cause disruption to the network but may have allowed hackers to steal passwords and other information. 

Oz Alashe, a former special forces Lieutenant Colonel and chief executive officer of cyber security platform CybSafe, characterised the attempt as a “spear phishing” attack. 

Like regular phishing attacks, it involves the use of emails to illicit information or make the user click on a link to trigger malicious software, but utilises personal information on targets to heighten the chances of success. 

Mr Alashe told The Independent there has been an increase in reported attacks on crucial national infrastructure around the world. 

“Attribution is exceptionally hard to do but a large proportion of these attacks are believed to be state sponsored,” he added. 

The analyst said that some countries are known to “outsource” the task to criminal groups, who may also sell on information for profit. 

The attack in Ireland was revealed after American officials said Russian government-backed hackers were behind recent cyber attacks on US nuclear power stations. 

The FBI and Department of Homeland Security sent a joint alert to the energy sector in June warning that that “advanced, persistent threat actors” were stealing network log-in and password information to access company networks. 

In similar tactics to those seen in Ireland, officials said hackers had been sending tainted “phishing” emails containing malicious attachments to compromise their targets.