Rochester Public Utilities was one of them, located as the name implies in Rochester, N.Y.
The hacking attack was revealed in August by researchers at a Silicon Valley cybersecurity company and reported in a story Monday in the Wall Street Journal. The Journal’s story reports that some of the utilities that were targeted are located near dams, locks and other critical infrastructure.
Most of them were relatively small like RPU.
The Federal Bureau of Investigation is investigating the attacks and has contacted some of the utilities. RPU was not among those contacted, the Wall Street Journal reported.
Tony Benson, an RPU spokesman, said the Wall Street Journal reached out to RPU for comment regarding the wave of attacks, called LookBack, that its reporters had become aware of from their sources.
"As you are aware, all IT systems are subject to multiple attacks on a daily basis," Benson said in an email. "Our security staff has reviewed the information provided by the WSJ to see if this represents a new or unidentified attack vector that could impact our IT systems. Based on our review of the identified characteristics, this particular exploit would have been anticipated and defeated."
According to the Wall Street Journal, the hackers tried to infiltrate utility computers through "phishing" emails that trick recipients into opening them. Once embedded in their systems, the malware could give attackers the ability to take control of computers and steal information.
The U.S. government has warned the U.S. electricity grid is an inviting target for overseas hackers. National security officials have identified Russia and China as having the ability to temporarily disrupt the operations of electric utilities and gas pipelines.
Smaller utilities have been thought to be less susceptible to attack due to their size. This year's hacking campaign illustrates that even those utilities are not immune. They also often lack the big budgets for security measures.
The electricity providers that were targeted operate in 18 states and include ALP Utilties in Minnesota; Wisconsin Rapids Water Works and Lighting; Cloverland Electric Cooperative in Michigan, which sits next to the Sault Ste. Marie Locks, a key juncture for the transport of iron ore to U.S. steel mills; and Klickitat Public Utility District in Washington state, which is near major federal dams and transmission lines that funnel hydroelectricity to California.
Those utilities contacted by the FBI were provided information that helped them scan their computer networks to see if firewalls had been probed and whether malware-tainted email had been sent to their employees.
RPU is a municipally-owned electric and water utility that serves more than 50,000 electric customers and 39,000 water customers, according to its website.
©2019 the Post-Bulletin. Distributed by Tribune Content Agency, LLC.