U.S. warns that Russian hackers breached critical infrastructure

Like, for example, U.S. nuclear power plants.
By Jack Morse

Russian hackers don't just go after emails.

A report released Thursday afternoon by the United States Computer Emergency Readiness Team (US-CERT) details an alleged years-long Russian effort to infiltrate and control critical infrastructure across the U.S. And in many cases they appear to have succeeded.

"Since at least March 2016, Russian government cyber actors—hereafter referred to as 'threat actors'—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors," reads the warning. It was based on analysis from the Department of Homeland Security (DHS) and the FBI.

The report notes that a variety of methods were used by the hackers to work their way into computer systems across the country, including but not limited to "spear-phishing emails (from compromised legitimate account)," "watering-hole domains," and "open-source and network reconnaissance."

The hackers are said to have straight up gotten access to workstations "that contained data output from control systems within energy generation facilities."


Basically, if they had wanted to, the hackers likely could have wreaked some serious havoc — like turning things off.

In addition to dropping this news, US-CERT also released a detailed list of best practices that businesses in critical industries should follow. On top of things like training people how to use email better (really), the team recommended mandating two-factor authentication for employees and establishing rules for complex passwords.

Those are both good ideas, if rather basic.

One of the recommended best practices in particular, however, suggested that the situation was really bad. "Based on the suspected level of compromise, reset all user, administrator, and service account credentials across all local and domain systems."

Basically, change all of your passwords on everything. Yeah, not a good look.
