Security firm Symantec revealed Wednesday that hackers gained access to U.S. power grid control systems, potentially allowing them to cause blackouts at will.
"There's a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage ... being able to flip the switch on power generation," Symantec security analyst Eric Chien told Wired. "We're now talking about on-the-ground technical evidence this could happen in the US, and there's nothing left standing in the way except the motivation of some actor out in the world."
The group, dubbed Dragonfly 2.0 by Symantec, successfully compromised a number of American power firms and one in Turkey, though the company wouldn't reveal which ones. According to forensic analysis, the hackers gained operational access, the same access the companies' engineers use to control the flow of electricity.
"That's exactly what you'd do if you were to attempt sabotage," Chien said. "You'd take these sorts of screenshots to understand what you had to do next, like literally which switch to flip."
Hackers were previously able to induce blackouts in Ukraine in 2015 and 2016, which is the only comparable situation, according to Chien, though there's no evidence of a connection between that event and this one.
Symantec found that the Dragonfly 2.0 attacks began in December 2015 and started increasing in frequency in 2017, particularly in the U.S., Turkey and Switzerland. The attackers usually used phishing emails and other tricks to compromise their victims' computers.
Department of Homeland Security spokesperson Scott McConnell told Wired in a written statement that "DHS is aware of the report and is reviewing it," adding that "at this time there is no indication of a threat to public safety."