Dragonfly Threat: Hackers Will Sabotage Power Grids

Uploaded on 2017-09-27 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Production-Utilities

A hacking campaign is targeting the energy sector in Europe and the US to potentially sabotage national power grids, a cybersecurity firm Symantec.

The group, dubbed “Dragonfly” by researchers at Symantec, has been in operation since at least 2011 but went dark in 2014 after it was first exposed, secretly placing backdoors in the industrial control systems of power plants across the US and Europe.

Now, Symantec reports, the group has resumed operations, apparently working since late 2015 to investigate and penetrate energy facilities in at least three countries: the US, Turkey and Switzerland.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the cybersecurity firm warns.

Dragonfly’s methods are varied, but all its attacks seem to be focused on researching the inner workings of energy firms. It has been seen sending malicious emails with attachments that leak internal network credentials, which are then used to install backdoors on the network allowing the hackers to take control of computers and systems.

They’ve also been seen seeding fake flash updates to install the backdoors and carrying out “watering hole” attacks, hacking third-party websites that were likely to be visited by people working in the energy sector.

Currently, the group appears to be solely in information-gathering mode, but Symantec warns that a quiet beginning is often a prelude to deliberate attempts at sabotage. The latest campaigns “show how the attackers may be entering into a new phase,” Symantec says, “with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.”

The researchers are unable to determine who is behind the Dragonfly campaign: some of the code is in Russian, but some is in French, “which indicates that one of these languages may be a false flag.

“Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it,” the report concludes.

Attacks on the energy sector have been increasing in frequency and damage in recent years, with Ukraine in particular being at the receiving end of multiple successful strikes. A blackout in west Ukraine in 2015 was caused by a group called Sandworm, while a second attack took out power in the nation’s capital, Kiev, in late 2016.

But other countries, including Britain and the US, have been subject to quieter attempts at infiltration, according to GCHQ.

The agency’s National Cybersecurity Centre warned in July that it had spotted connections “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors”.

Guardian:

You Might Also Read:

Critical Infrastructure Is The Next Target:

Russia Suspected As Hackers Breach Power Plant Systems:

 

« US Police Real-Time Mapping Of Terrorist Attacks
Fake Facebook Ads Surged During The US Presidential Election »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Seclore

Seclore

Seclore is the most advanced, secure, and automated Enterprise Digital Rights Management (EDRM) solution available.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

360 Total Security

360 Total Security

360 company is the largest provider of Internet and mobile security products in China.

ThirdWatch

ThirdWatch

ThirdWatch is a Data Science company with real-time automated fraud prevention solutions.

URS Certification

URS Certification

United Registrar of Systems (URS Certification) is an independent certification body operating in more than 30 countries within the multinational URS Holdings.

Prolimax

Prolimax

Prolimax deliver innovative solutions to IT Manufacturers, Distributors, Resellers and End-users including Data Erasure and secure IT Asset Disposition (ITAD)

CyberGuru

CyberGuru

CyberGuru is a service provided by CyberSecurity Malaysia specializing in cyber security professional training and development.

Eclypsium

Eclypsium

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networks.

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

BluescreenIT (BIT)

BluescreenIT (BIT)

BluescreenIT is an IT Security Consultancy and IT and Cyber Security Training company supporting industry, local authorities, MoD and governmental IT departments.

BalkanID

BalkanID

BalkanID is an Identity governance solution that leverages data science to provide visibility into your SaaS & public cloud entitlement sprawl.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.