Dragonfly Threat: Hackers Will Sabotage Power Grids

A hacking campaign is targeting the energy sector in Europe and the US to potentially sabotage national power grids, a cybersecurity firm Symantec.

The group, dubbed “Dragonfly” by researchers at Symantec, has been in operation since at least 2011 but went dark in 2014 after it was first exposed, secretly placing backdoors in the industrial control systems of power plants across the US and Europe.

Now, Symantec reports, the group has resumed operations, apparently working since late 2015 to investigate and penetrate energy facilities in at least three countries: the US, Turkey and Switzerland.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the cybersecurity firm warns.

Dragonfly’s methods are varied, but all its attacks seem to be focused on researching the inner workings of energy firms. It has been seen sending malicious emails with attachments that leak internal network credentials, which are then used to install backdoors on the network allowing the hackers to take control of computers and systems.

They’ve also been seen seeding fake flash updates to install the backdoors and carrying out “watering hole” attacks, hacking third-party websites that were likely to be visited by people working in the energy sector.

Currently, the group appears to be solely in information-gathering mode, but Symantec warns that a quiet beginning is often a prelude to deliberate attempts at sabotage. The latest campaigns “show how the attackers may be entering into a new phase,” Symantec says, “with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.”

The researchers are unable to determine who is behind the Dragonfly campaign: some of the code is in Russian, but some is in French, “which indicates that one of these languages may be a false flag.

“Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it,” the report concludes.

Attacks on the energy sector have been increasing in frequency and damage in recent years, with Ukraine in particular being at the receiving end of multiple successful strikes. A blackout in west Ukraine in 2015 was caused by a group called Sandworm, while a second attack took out power in the nation’s capital, Kiev, in late 2016.

But other countries, including Britain and the US, have been subject to quieter attempts at infiltration, according to GCHQ.

The agency’s National Cybersecurity Centre warned in July that it had spotted connections “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors”.

Guardian:

You Might Also Read:

Critical Infrastructure Is The Next Target:

Russia Suspected As Hackers Breach Power Plant Systems:

 

« US Police Real-Time Mapping Of Terrorist Attacks
Fake Facebook Ads Surged During The US Presidential Election »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

Shadowserver Foundation

Shadowserver Foundation

Shadowserver Foundation aims to improve internet security by raising awareness of compromised servers, malicious attackers and the spread of malware.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

ThreatAdvice

ThreatAdvice

ThreatAdvice is a provider of cybersecurity education, awareness and threat intelligence.

Ritz

Ritz

Ritz is the largest holistic pure-play cyber security solutions provider in Myanmar.

CyberGRX

CyberGRX

The CyberGRX Exchange and our risk assessments-as-a-service help Enterprises and Third Parties cost-effectively identify, prioritize and mitigate risk.

GuardSI

GuardSI

GuardSI was created to protect companies from growing threats to security such as fraud, hacking, internal theft, accidents and human mistakes that can directly affect the business.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

Australian Cyber Collaboration Centre (Aus3C)

Australian Cyber Collaboration Centre (Aus3C)

The Australian Cyber Collaboration Centre (Aus3C) is committed to building cyber capacity and securing Australia's digital landscape.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

Infosequre

Infosequre

Infosequre builds up your security awareness culture and turns your employees into the first line of defense against cyber risks.

CleanCloud by SEK

CleanCloud by SEK

CleanCloud by SEK is a CSPM product focused on public cloud data protection and security regulations, with over 400 compliance checks for the market's leading frameworks and regulations.

BIRD Cyber

BIRD Cyber

BIRD Cyber is a program to promote collaboration on cybersecurity and emerging technologies aimed at enhancing the cyber resilience of critical infrastructure.

Blattner Technologies

Blattner Technologies

Blattner Technologies mission is to be the leading provider of predictive transformation services and tools in the Data Analytics, Artificial Intelligence and Machine Learning industry.

Vortacity Cyber

Vortacity Cyber

Vortacity is a boutique cybersecurity provider specializing in associations, nonprofits, and mission-based organizations.

SOC-E

SOC-E

SOC-E is a leading technology provider for high-availability and deterministic networking, sub-microsecond synchronization and cybersecurity solutions for critical sectors.