In January 2019, the Wall Street Journal published an article reconstructing what it called “the worst known hack into the nation’s power system.” The article tells the story of how a foreign government used clever attacks to infiltrate a small construction company, although the construction company was not the ultimate target. The attackers were trying to hack into the power grid, but instead of striking the utilities head on, they established tiny footholds in the contractors and subcontractors of the power utilities. In this case study, we will examine the attack vectors and techniques that were likely used by the attackers. Then we will identify the security deficiencies and how they can be mitigated to protect organizations from similar incidents.
Technical Level: Medium