The US CERT issued a cyber security alert authored jointly by DHS and FBI yesterday. (https://www.us-cert.gov/ncas/alerts/TA18-074A) The alert called out Russian cyber actors for infiltrating our energy sector. It explained how they did it and most importantly, it listed actions corporate entities can take to protect themselves.
If you review the recommended Best Practices, you will find they reflect the actions required in the NIST SP 800-171r1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. I can't emphasize enough the effectiveness of the measures in the 171 and the importance in implementing them.