Dragonfly Hackers ‘Could Plunge Europe Into Darkness’

Security firm Symantec has warned of a resurgence in cyber attacks on European and US energy companies, which could result in widespread power outages.

Symantec said the hackers are making “highly sophisticated attempts to control – or even sabotage – operational systems at energy facilities.”

The hackers, known as Dragonfly (or Energetic Bear), were first revealed to the world back in 2014 by Symantec and other researchers, after they had carried out a widespread campaign against a number of energy firms.

Power Disruption

Since 2014, the Dragonfly hackers have largely maintained a low profile. That said, they have mostly been targeting businesses in the US, Spain, France, Italy, Germany, Turkey and Poland, and have managed to compromise industrial control systems (ICS) used to control sections of power plants.

The group itself is thought to have been in operation since at least 2011 and is based in Russia. It had initially targeted defence and aviation companies in the US and Canada before it moved its crosshairs over to energy firms.

And now, according to Symantec, the energy sector in Europe and North America is once again being targeted by a new wave of cyber attacks “that could provide attackers with the means to severely disrupt affected operations.”

This new wave of cyber attacks began in December 2015, but has been ramping up significantly in 2017.

The crippling nature of these attacks has been amply demonstrated by the widespread disruptions to Ukraine’s power system in 2015 and 2016.

“The successful sabotage of an energy company could mean mass power outages, total shutdown of electrical grids, disruption to utilities or worse,” said Symantec.

It said that in recent months there have been attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the US.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so,” Symantec warned.

“As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software.

“The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organisations. The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.

Critical Infrastructure

“What is clear is that Dragonfly is a highly experienced threat actor, capable of compromising numerous organisations, stealing information, and gaining access to key systems. What it plans to do with all this intelligence has yet to become clear, but its capabilities do extend to materially disrupting targeted organisations should it choose to do so.”

Last month Corero Network Security warned that more than one-third of critical infrastructure organisations have admitted to skipping basic IT security precautions.

And in July the National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Those attacks are “likely” to have compromised some industrial control systems in the UK, the NCSC warned.

The US Department of Energy (DOE) has previously acknowledged those attacks, but said only administrative systems, and not industrial control systems, had been targeted.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
