Russian hackers tricked people into giving their passwords
None
Russian hackers who penetrated hundreds of US utilities, manufacturing plants and other facilities last year gained access by using the most conventional of phishing tools, tricking staffers into entering passwords, officials say.
The Russians targeted mostly the energy sector but also nuclear, aviation and critical manufacturing, Jonathan Homer, head of Homeland Security's industrial control system analysis, said during a briefing Wednesday.
They had the capability to cause mass blackouts, but chose not to, and there was no threat the grid would go down, the officials said. Instead, the hackers appeared more focused on reconnaissance.
The 2017 attack prompted a rebuke from the Trump administration earlier this year.
The victims ranged from smaller companies with no major budget for cybersecurity to large corporations with sophisticated security networks, Homer said. Vendors were targeted because of their direct access to the utilities -- companies that run diagnostics or update software or perform other tasks to keep the systems running. The victims were not identified.
