'Dragonfly' hackers hit 1,000 U.S., European energy companies with cyberattacks
The global cyberwar just got a bit too real.
A huge and “ongoing cyberespionage campaign” against major companies in the energy sector of North America and Europe has given the attackers the ability to carry out industrial sabotage, damaging and disrupting industry across the Western world, security firm Symantec reports.
Active infections were found in 1,018 unique organizations across 84 different countries. Targets include energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers in the United States, Spain, France, Italy, Germany, Turkey, and Poland. Until 2012, the cadre of attackers targeted mainly U.S. and Canadian defense and aviation firms.
Image via Symantec
The attacker group, known as Dragonfly and also as Energetic Bear, is a well-armed group of unknown origin that has been active since at least 2011. It uses a wide variety of malware and delivery methods, including spam email campaigns and watering hole attacks, to seize control of crucial systems.
Although no one yet knows Dragonfly’s origins, the breadth and sophistication of its operations suggest the backing of a nation with an interest in compromising Western companies. Not only that, but the attackers clearly kept a Monday-to-Friday work schedule, according to Symantec’s analysis: they would check in at 9 a.m. and stop work at 6 p.m. in an Eastern European time zone.
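As an added illustration, not part of the article or of Symantec’s report, this is one way defenders infer an operator’s working hours from activity timestamps: shift the UTC times into each candidate time zone and see which one packs the events most tightly into a Monday-to-Friday, 9-to-6 window. The check-in times below are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC timestamps of attacker check-ins to a C2 server
# (hypothetical values, not taken from any report). They were generated as
# if by an operator working 09:00-18:00 local time at UTC+3, plus one
# Saturday outlier to show the scoring tolerates noise.
SAMPLE_CHECKINS_UTC = [
    "2014-06-30T06:05:00", "2014-06-30T09:40:00", "2014-06-30T14:55:00",  # Mon
    "2014-07-01T06:30:00", "2014-07-01T11:10:00", "2014-07-01T13:20:00",  # Tue
    "2014-07-02T07:00:00", "2014-07-02T10:45:00",                          # Wed
    "2014-07-03T08:15:00", "2014-07-03T12:05:00", "2014-07-03T14:30:00",  # Thu
    "2014-07-04T06:50:00", "2014-07-04T09:00:00",                          # Fri
    "2014-07-05T10:00:00",                                                 # Sat
]

WORK_START, WORK_END = 9, 18  # local working hours being tested for


def parse_utc(ts):
    """Parse an ISO-8601 timestamp string as an aware UTC datetime."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def in_work_window(dt_local):
    """True if a local-time datetime falls on Mon-Fri between WORK_START and WORK_END."""
    return dt_local.weekday() < 5 and WORK_START <= dt_local.hour < WORK_END


def score_offset(timestamps, offset_hours):
    """Fraction of events that land inside the work window at a given UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = sum(in_work_window(parse_utc(t).astimezone(tz)) for t in timestamps)
    return hits / len(timestamps)


def infer_operator_offset(timestamps, offsets=range(-12, 15)):
    """Return (best_offset, score): the UTC offset whose work window best explains the data.

    Ties are broken toward the offset closest to UTC.
    """
    scores = {o: score_offset(timestamps, o) for o in offsets}
    best = max(scores, key=lambda o: (scores[o], -abs(o)))
    return best, scores[best]


if __name__ == "__main__":
    offset, score = infer_operator_offset(SAMPLE_CHECKINS_UTC)
    print(f"best fit: UTC{offset:+d} ({score:.0%} of events in Mon-Fri 09-18)")
```

Real data needs many more events than this, and the result only narrows the operator to a band of time zones, so it is corroborating evidence, not attribution on its own.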
“Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability,” according to Symantec’s blog.
"The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability."
The two main weapons in Dragonfly’s arsenal are pieces of malware called Backdoor.Oldrea and Trojan.Karagany. Oldrea, Symantec has determined, is a custom program that can steal all of a computer’s data, download additional tools, and open a backdoor that lets the attackers into the infected computer. Each weapon has infected up to 50 targets.
The “most ambitious attack” targeted industrial control system equipment providers with remote access Trojans, a common but effective type of malware that allows someone to control a computer from a remote location. In this case, the hijacked computers were in charge of massive swaths of Western industry.
Although the group’s ability to sabotage and persistently access power plants recalls the famous Stuxnet worm used against Iran, Dragonfly’s capabilities are much more expansive.