The threat actors are believed to be affiliated with the North Korean govt.
FireEye has detected and stopped spear phishing emails sent to US electric companies, from cyber threat actors likely affiliated with the North Korean government.
In a statement the company said: “We can confirm that FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to U.S. electric companies. We have previously detected groups we suspect are affiliated with the North Korean government compromising electric utilities in South Korea, but these compromises did not lead to a disruption of the power supply.”
Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension.
FireEye has detected more than 20 cyber threat groups suspected to be sponsored by at least four other nation-states attempting to gain access to targets in the energy sector that could have been used to cause disruptions.
In December 2014, the South Korean Government reported that nuclear power plants operated by Korea Hydro and Nuclear Power (KHNP) were targeted with wiper malware, potentially linked to North Korean actors.
North Korea linked hackers are among the most prolific nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide.
