Unknown: A currently unknown attacker attempted to DDoS an energy provider who supplies energy to Los Angeles County, CA, Salt Lake County, UT, and Converse County, WY. According to the recently released report, the attack took place on March 5th, 2019 between 9:12 a.m. and 6:57 PM and even though the power supply was not disrupted, the unnamed provider felt that the attempt was serious enough that it needed to be reported to the Federal Government. The report stated that the DDoS disrupted operations at the facility but not energy system operations, meaning that other non-vital systems were knocked offline. A number of major threat actors and nations have previously stated a desire to disrupt the power grid in the United States–including Russia, Iran, China, North Korea, and the Islamic State. The Russian group Sandworm previously successfully disrupted energy services in Ukraine in 2015. In that instance, the group utilized the DarkEngery malware to disrupt power systems while carrying out a DDoS attack on the energy provider’s phone lines to prevent customers from being able to call in the outage. The DOE has not released any details of who they believe is behind the attack at this time.
While some will be quick to look at a state-sponsored actor for the attack, it is possible that the attack was related to cyber-anarchists who wish only to cause chaos. Until more details are known, it is difficult to say who was behind the attack or for what purpose.