Russian hackers infiltrated the control rooms of major U.S. electric utilities last year and got to the point where they “could have thrown switches,” Department of Homeland Security officials said Monday. Federal officials had previously warned of a few dozen victims in a massive Russian-backed cyberattack on utility companies last spring, but the DHS on Monday said “hundreds of victims” had fallen prey to a group of hackers tied to a state-sponsored group previously known as Dragonfly or Energetic Bear, according to The Wall Street Journal. The hackers are said to have broken into secure networks owned by utilities by using the credentials of actual employees, meaning some companies may have never discovered any traces of a breach. The attackers disguised themselves as “the people who touch these systems on a daily basis,” Jonathan Homer, chief of industrial-control-system analysis for DHS, was quoted as saying by the Journal. Federal officials say the hackers could have easily caused widespread blackouts—and they still could.