Skip to main content
close search
site logo
Dive Brief

FERC among targets of Iranian hackers charged by DOJ

Published March 23, 2018
By
Senior Reporter
Federal Energy Regulatory Commission Building
Elizabeth Regan, Industry Dive/Utility Dive

Dive Brief:

  • The Federal Energy Regulatory Commission is among the targets of alleged Iranian hackers indicted by the U.S. Justice Department on Friday. 
  • Nine members of an Iran-based company stole data from hundreds of universities and dozens of companies around the world, DOJ said, acting in many cases on behalf of Iran's government. The Department of Labor and state governments in Hawaii and Indiana were also targeted. 
  • DOJ said the hackers stole email accounts of employees at government agencies, but it remains unclear if any sensitive power system information was compromised. 

Dive Insight:

The Department of Justice on Friday revealed that FERC was one target of a wide-ranging operation directed by the Iranian government to steal information from governments and private companies around the world. 

DOJ said members of the Mabna Institute, a Tehran-based company, stole more than 31 terabytes of data and intellectual property from universities, as well as "email accounts of employees at private sector companies, government agencies, and non-governmental organizations."

In the U.S., the hacking affected more than 140 universities, 30 companies and five government agencies, Deputy Attorney General Rod Rosenstein said. “For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps."

At universities, hackers used stolen account credentials to "steal research, and other academic data and documents, including, among other things, academic journals, theses, dissertations, and electronic books." 

FERC in an emailed statement said it is working with federal law enforcement authorities, but offered no information about the nature of information stolen. 

"As the Commission previously stated, a small number of e-mail accounts were inappropriately accessed," spokesperson Craig Cano said in an email. "The Commission has taken and will continue to develop corrective action to ensure that appropriate controls are operating effectively."

The electric power sector is a prime target for cyberattacks, and earlier this month the federal government revealed that Russian hackers had mounted a prolonged attack on U.S. energy infrastructure. In that case, officials said the hacking objective was likely surveillance, but that such actions could reveal ways to disrupt industrial control systems on the grid. 

FERC has in recent months directed companies under its jurisdiction to beef up their cyberattack reporting. In December, the commission approved a rule directing companies to report cyber intrusions whenever an attacker breaches their electronic security perimeter or control and monitoring systems, even if they do not disrupt service.

This post has been updated to reflect comment from FERC. 

Recommended Reading

Filed Under: Regulation & Policy

Editors' picks

Company Announcements

View all | Post a press release
Heat Pump Assisted Water Heater Technology Could Make Big Lift
From Energy Solutions
November 07, 2024
Technosylva and KatRisk Join Forces to Expand Wildfire Management and Catastrophe Risk Modelin…
From Technosylva
November 18, 2024
Chartwell Electric Vehicle Benchmark Survey in the Field for North American Utilities
From Chartwell Inc.
November 19, 2024
Cooling Towers Go Green: Clear Comfort Unveils New AOP Water Treatment Systems
From Clear Comfort
November 12, 2024
Editors' picks
Latest in Regulation & Policy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell