“Attach[ed] is a quote for the Social Media training we discussed,” said one message sent on July 3 to the vice president of EnergySec, a federally funded group in Oregon that focuses on the cybersecurity of the nation’s power grid.
Other security researchers asked to review the situation found the attachments were not actually .pdf documents but “executable files” that deposited “Trojan horse” code when a computer user clicked on them, said Jaime Blasco, security lab manager at AlienVault, who reviewed the attack.
Blasco and his partner, Ruben Santamarta of the security firm IOActive, found the hackers had used multiple Web server computers to give instructions to the malicious code.
Officials at NJVC and NEMA acknowledged the attacks but said employees prevented network intrusions. Department of Homeland Security officials declined to discuss the episodes.
The scope of the attacks expanded in July, when the cybersecurity group EnergySec was hit. EnergySec President Patrick Miller also reached out to Blasco for help. Based on the evidence, the attackers appeared to be the same: a group of Chinese hackers that had been using social engineering for nearly a decade to break into systems across the globe with impunity.