Hackers targeted US energy companies ahead of Ukraine invasion: source

close

Video

Concerns over cyberattacks mount if Russia retaliates for sanctions

'The Big Saturday Show' weighs in on Russia-Ukraine tensions as Biden admin says US unprepared for cyberattacks.

Nearly two dozen American companies involved with liquefied natural gas production were attacked by hackers in early February – two weeks prior to Russia’s invasion of Ukraine, Fox News has learned.

A source familiar with the intelligence told Fox News that 21 American companies, including Chevron Corporation and Cheniere Energy, were targeted two weeks before Russia launched its multi-front war on Ukraine.

RUSSIA INVADES UKRAINE: LIVE UPDATES

The U.S. Cybersecurity and Infrastructure Security Agency is working to confirm that the attacks emanated from Russia, but the source told Fox News it is believed that this hack marked the first stage of Russia’s effort to destabilize the U.S. energy industry.

The Chevron logo is displayed as a tanker truck enters the Chevron Products Company El Segundo Refinery on Jan. 26, 2022, in El Segundo, California.  (PATRICK T. FALLON/AFP via Getty Images)

The source told Fox News that the computers belonging to current and former employees were hacked during the attack. 

"Chevron takes the threat of malicious cyber activity seriously," A Chevron spokesperson told Fox News. "We have implemented the United States government's recommendations into our cybersecurity safeguards to protect Chevron's computing environment."

Cheniere did not immediately respond to Fox News' request for comment.

President Biden on Tuesday announced a ban on all imports of Russian oil, gas and energy to the United States, targeting the "main artery" of Russia's economy amid Russian President Vladimir Putin's war on Ukraine. Russia is the third-largest producer of oil in the world.

An aerial image taken on Jan. 24, 2022, shows storage tanks at the Chevron Products Company El Segundo Refinery adjacent to homes at sunset in Manhattan Beach, California.  (PATRICK T. FALLON/AFP via Getty Images)

The U.S. intelligence community in January assessed that Russia would remain a "top cyber threat" in 2022 as it refines and employs its espionage, influence and attack capabilities.

RUSSIA 'DOES NOT WANT A DIRECT CONFLICT WITH US FORCES,' INTELLIGENCE COMMUNITY ASSESSED IN JANUARY

"We assess that Russia views cyber disruptions as a foreign policy lever to shape other countries’ decisions, as well as a deterrence and military tool," states the intelligence community's annual threat assessment report, released Tuesday.

Ari Aziz, director of operations for Cheniere Energy Inc., stands for a photograph at the company's liquefied natural gas (LNG) export terminal under construction in Corpus Christi, Texas, Oct. 3, 2018. (Eddie Seal/Bloomberg via Getty Images)

The intelligence community found that Russia is particularly focused on improving its ability "to target critical infrastructure, including underwater cables and industrial control systems" in the United States, as well as in U.S. allied and partner countries. The IC found that Russia’s successful compromise of that infrastructure would demonstrate Russia’s "ability to damage infrastructure during a crisis."

The IC, at the time, said Russia is also using cyber operations to "attack entities it sees as working to undermine its interests or threaten the stability of the Russian Government."

This week, New York state said it is facing "increased risk" of cyberattacks from Russian retaliators, with NYPD officials warning that New York City is on "ultra-high alert."

In mid-February, Russia was suspected of launching cyberattacks that brought down websites belonging to Ukraine’s Ministry of Defense, army and popular banks, a move officials, at the time, called the "largest" of its kind in the history of Ukraine. The Kremlin denied Russian involvement.

Cheniere Energy Inc. Liquefaction facility on Corpus Christi Bay in Portland, Texas, Feb. 19, 2021. (Eddie Seal/Bloomberg)

Just a week later, on Feb. 24 Russia launched its multi-front war against Ukraine.

Meanwhile, a government source told Fox News that CISA and the FBI are working with an unnamed American pharmaceutical company whose top executives have been targeted by Russian intelligence operatives in ongoing "malicious phishing attacks." 

The U.S. government has attributed these cyberattacks to a Federal Security Service training site in Nizhniy Novgorod. 

Fox News has learned that those attacks began last week. 

Last month, the Department of Homeland Security warned U.S. organizations at all levels that they could face cyberthreats stemming from the Russia-Ukraine conflict. 

RUSSIA-UKRAINE WAR: INTEL OFFICIALS PREDICT 'UGLY' WEEKS AHEAD AS PUTIN DOUBLES DOWN

The Biden administration has worked to strengthen cyber defenses after a string of ransomware attacks last summer, with foreign malign actors targeting pieces of U.S. critical infrastructure.

In June 2021, a ransomware assault shut down the U.S.-based meat plants of the world’s largest meatpacker, Brazil-based JBS. The White House said the hack was likely carried out by a criminal group based in Russia. 

The attack on JBS came just weeks after the largest U.S. fuel pipeline, the East Coast's Colonial Pipeline, was targeted by a criminal group originating in Russia.

UKRAINE CYBERATTACK: RUSSIA BLAMED FOR ‘LARGEST’ DISRUPTION OF ITS KIND IN COUNTRY’S HISTORY

Biden, during his summit in Geneva with Russian President Vladimir Putin in June 2021, raised the issue of ransomware. Biden, at the time, said he told Putin that "certain critical infrastructure should be off limits to attack." Biden said he gave a list of "16 specific entities defined as critical infrastructure," saying it ranged from energy to water systems. 

Putin, though, during his press conference after the meeting, denied that Russia was responsible for cyberattacks and instead claimed that most cyberattacks in the world were carried out from the U.S.

CLICK HERE TO GET THE FOX NEWS APP

Biden in July signed a national security memorandum directing his administration to develop cybersecurity performance goals for critical infrastructure in the U.S. – entities like electricity utility companies, chemical plants and nuclear reactors. 

The memo also formally established Biden's Cyber Security Initiative, a voluntary collaborative effort between the federal government and critical infrastructure entities to facilitate the deployment of technology and systems that provide threat visibility indicators and detections.