Is North Korea Preparing to Attack U.S. Power Plants?

State-backed hackers in North Korea are setting their sights on critical infrastructure in the United States with the aim of knocking out power in the country, cybersecurity researchers have warned.

A group of hackers known as Covellite is developing malware that could infect power grids and trigger electrical outages similar to those that happened in Ukraine in 2016, according to research from U.S.-based firm Dragos.

North Korean hackers have previously launched devastating attacks on IT systems around the world, causing billions of dollars of damage. The state-backed Lazarus Group launched malware known as WannaCry last year, in one of the most widespread ransomware attacks ever to take place.

The same group also gained notoriety following the Sony Pictures hack in 2014, after the film studio’s movie The Interview portrayed North Korean leader Kim Jong Un in an unfavorable light.

Dragos identified similarities between the Covellite and Lazarus hackers in its latest report, suggesting strong links between the groups.

“We identified similarities in both infrastructure and malware with the Lazarus Group,” the researchers wrote.

“While Dragos does not comment on or perform traditional nation-state attribution, the combination of technical ability plus the willingness to launch destructive attacks displayed by the linked group Lazarus makes Covellite an actor of significant interest.”

One of the similarities linking the two groups, according to Dragos, was the attack method used by Lazarus to target bitcoin exchanges in South Korea last year. The hackers were able to steal around $72 million worth of bitcoin, leading to the bankruptcy of the Youbit exchange in April.

A similar technique was identified in a small but highly targeted phishing campaign against a U.S. electric grid company in September 2017. Dragos also uncovered attacks sharing the same characteristics across Asia, Europe and North America.