Hackers out of Eastern Europe and Russia are upping their game. According to private security researchers, a group of hackers has targeted Western energy companies along with energy investment firms. These targeted hacks have raised fears of possible sabotage.
The group, dubbed Dragonfly, infiltrated multiple energy systems in the U.S., Spain, France, Italy, Germany, Turkey and Poland. Security experts believe the group is state-sponsored.
“Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability,” Symantec said. “Its current main motive appears to be cyber-espionage, with potential for sabotage a definite secondary capability.”
Security experts warn that nations have been examining the critical infrastructure of other nations for weaknesses. These weaknesses could then be exploited should a conflict break out.
NATO is aware of this new war front and has made it clear that, in certain instances, a cyber attack can be treated the same as an attack by conventional methods.
How has Dragonfly attacked these energy firms? It’s a three-pronged approach. First, the hackers used basic hacking techniques such as sending phishing emails containing malware. Second, they targeted websites that may be frequented by those in the energy sector. Third, they compromised several industrial control system (ICS) equipment providers. The hackers infected the providers’ software, which then infected energy companies once they downloaded it.
In one instance, there were 250 downloads of infected software before the vendor discovered the breach.
“These infections not only gave the attackers a beachhead in the targeted organisations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers,” Symantec noted.
Symantec noted the attack is similar to Stuxnet. Stuxnet made headlines a while back after it was used to target Iran’s nuclear program. While Stuxnet was built primarily for sabotage, Symantec says sabotage is an optional capability for Dragonfly. The group's primary goal centers on espionage and constant access.