Recently released details about the 2017 attack say Russian hackers targeted mostly the energy sector, but also made moves to attack nuclear, aviation, and critical manufacturing as well, Jonathan Homer, head of Homeland Security, told the Associated Press.

Through the attacks, officials said the hackers had the ability to cause massive blackouts; however, they chose not to, the AP reports. It’s possible that many companies did not even know they were victims of the attack, simply because hackers used the credentials of actual employees to gain access.

Phishing involves sending an email to someone that claims to be from a reputable company when it’s actually from a hacker. When the recipient clicks on that email and enters his or her password, they’re essentially handing that password over to hackers.