Power stations under attack from long-running hacking campaign
Dragonfly threat group is ramping up activities, say researchers


Energy companies in the US and Europe are being targeted by an increasingly intense campaign of cyber attacks, security researchers have warned.
According to security firm Symantec, power companies in the US, Turkey and Switzerland have been targeted by a group of highly sophisticated hackers, which has been operating since at least 2011.
The group, which researchers have dubbed 'Dragonfly', has been attempting to gather intelligence and gain operational control of systems in energy facilities for an unknown purpose.
"The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organizations," Symantec said.
"The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future."
Dragonfly's targeting of power companies raises echoes of attacks against the Ukrainian energy grid which plunged parts of the country into darkness in 2015 and 2016. However, researchers have not identified any concrete links between those incidents and attacks carried out by Dragonfly, and warned against jumping to conclusions regarding attribution.
The group mostly used popular 'off-the-shelf' malware and widely-available administration tools to carry out attacks, which Symantec theorised could be part of a strategy to thwart attribution attempts.
Researchers also noted that while parts of the malware used by the group were written in Russian, other parts were written in French, another potential false flag to throw investigators off the scent.
"Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it," Symantec said.
"What is clear is that Dragonfly is a highly experienced threat actor, capable of compromising numerous organizations, stealing information, and gaining access to key systems. What it plans to do with all this intelligence has yet to become clear, but its capabilities do extend to materially disrupting targeted organizations should it choose to do so."
Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.
Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.
You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.