Dragonfly Threat: Hackers Will Sabotage Power Grids

A hacking campaign is targeting the energy sector in Europe and the US, potentially to sabotage national power grids, according to cybersecurity firm Symantec.

The group, dubbed “Dragonfly” by researchers at Symantec, has been in operation since at least 2011 but went dark in 2014 after it was first exposed, secretly placing backdoors in the industrial control systems of power plants across the US and Europe.

Now, Symantec reports, the group has resumed operations, apparently working since late 2015 to investigate and penetrate energy facilities in at least three countries: the US, Turkey and Switzerland.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the cybersecurity firm warns.

Dragonfly’s methods are varied, but all its attacks seem to be focused on researching the inner workings of energy firms. It has been seen sending malicious emails with attachments that leak internal network credentials, which are then used to install backdoors on the network allowing the hackers to take control of computers and systems.

They’ve also been seen seeding fake Flash updates to install the backdoors and carrying out “watering hole” attacks, compromising third-party websites that were likely to be visited by people working in the energy sector.

Currently, the group appears to be solely in information-gathering mode, but Symantec warns that a quiet beginning is often a prelude to deliberate attempts at sabotage. The latest campaigns “show how the attackers may be entering into a new phase,” Symantec says, “with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.”

The researchers are unable to determine who is behind the Dragonfly campaign: some of the code is in Russian, but some is in French, “which indicates that one of these languages may be a false flag.

“Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it,” the report concludes.

Attacks on the energy sector have been increasing in frequency and damage in recent years, with Ukraine in particular being at the receiving end of multiple successful strikes. A blackout in west Ukraine in 2015 was caused by a group called Sandworm, while a second attack took out power in the nation’s capital, Kiev, in late 2016.

But other countries, including Britain and the US, have been subject to quieter attempts at infiltration, according to GCHQ.

The agency’s National Cybersecurity Centre warned in July that it had spotted connections “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors”.

Guardian:
