- North Korea hackers have targeted U.S. electric companies.
- They used a spear-phishing attack, which involves sending emails containing malicious links.
- Cybersecurity researchers FireEye says it was likely a "reconnaissance" mission rather than a disruptive cyberattack.
North Korean hackers used fake emails to try to infiltrate U.S. electric companies, according to a report released Tuesday.
Cybersecurity firm FireEye detected and stopped the so-called spear-phishing attack — when attackers send emails containing malicious links. When a person clicks the link, it could open the doors for hackers to enter an organization's network.
NBC News, which first obtained the report, said Tuesday that emails using fake invitations to fundraisers were used to target victims. FireEye made clear that the spear-phishing campaign did not compromise or manipulate any of the industrial control systems that regulate the supply of power. The researchers found no evidence that North Korean-linked actors have the capability at this time. Instead, it was likely a intelligence gathering exercise.
"This activity was early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyber attack that might take months to prepare if it went undetected," FireEye said in a report.
"Thus far, the suspected North Korean actions are consistent with a desire to demonstrate a deterrent capability rather than a prelude to an unprovoked first-strike in cyberspace. However, North Korea-linked actors are bold, have launched multiple cyber attacks designed to demonstrate national strength and resolve, and have little concern for potential discovery and attribution of their operations," the report added.
The news comes amid heightened tensions between North Korea and the U.S., with President Donald Trump publicly trading insults with North Korea leader Kim Jong Un. The U.S. military flew two Air Force B-1B Lancer bombers over the Korean Peninsula on Tuesday. And Trump has threatened North Korea on a number of occasions.
Electric companies are a prime target for state-backed hackers because taking over crucial infrastructure could cause high damage to a country.
"The number of nation-states developing the capability to disable the operations of power utilities has increased in recent years. For North Korea, even limited compromises of power companies would probably be exaggerated and hailed as a victory by Pyongyang," FireEye said.