A hacking campaign is targeting the energy sector in Europe and the US with the potential of sabotaging national power grids, a cybersecurity firm has warned.
The group, dubbed “Dragonfly” by researchers at Symantec, has been in operation since at least 2011 but went dark in 2014 after it was first exposed, secretly placing backdoors in the industrial control systems of power plants across the US and Europe.
Now, Symantec reports, the group has resumed operations, apparently working since late 2015 to investigate and penetrate energy facilities in at least three countries: the US, Turkey and Switzerland.
“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” the cybersecurity firm warns.
Dragonfly’s methods are varied, but all its attacks seem to be focused on researching the inner workings of energy firms. It has been seen sending malicious emails with attachments that leak internal network credentials, which are then used to install backdoors on the network allowing the hackers to take control of computers and systems. They’ve also been seen seeding fake flash updates to install the backdoors and carrying out “watering hole” attacks, hacking third-party websites that were likely to be visited by people working in the energy sector.
Currently, the group appears to be solely in information-gathering mode, but Symantec warns that a quiet beginning is often a prelude to deliberate attempts at sabotage. The latest campaigns “show how the attackers may be entering into a new phase,” Symantec says, “with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.”
The researchers are unable to determine…
Full Story Via NewsFactor Network